Gareth Rose reports:
An investigation is under way into a breach of patient confidentiality at one of Scotland’s biggest hospitals after a cleaner looked up a young mother’s medical records on a computer and used them to pester her online.
The worker noticed the woman while she was being treated at the hospital’s accident and emergency department after injuring her hand in a fall.
She had no contact with him at the time, but the next day he sent her a message through the social networking site Facebook.
The woman, who has asked not to be named, received five messages in all from the cleaner, who admitted using hospital computers to look up her personal details and track her down online.
She said she was shocked and scared after receiving the messages and has called for an inquiry into how patients’ records are protected at the ERI.
The worker is now understood to have been suspended by Consort, the private company contracted to clean Edinburgh Royal Infirmary, and NHS Lothian has referred the matter to police who are now investigating.
Read more on Scotsman.com. There is no way in hell a cleaner should have been able to look up a patient on a hospital computer. Perhaps someone failed to log out, but if so, why doesn’t the system have automatic logout? While the police will do their part, this type of situation screams for an audit of the infirmary’s security and data protection. And depending on the outcome of the investigation, the ICO might want to seriously consider fining the NHS.
h/t, @PrivacyMemes