Calendar An icon of a desk calendar. Cancel An icon of a circle with a diagonal line across. Caret An icon of a block arrow pointing to the right. Email An icon of a paper envelope. Facebook An icon of the Facebook "f" mark. Google An icon of the Google "G" mark. Linked In An icon of the Linked In "in" mark. Logout An icon representing logout. Profile An icon that resembles human head and shoulders. Telephone An icon of a traditional telephone receiver. Tick An icon of a tick mark. Is Public An icon of a human eye and eyelashes. Is Not Public An icon of a human eye and eyelashes with a diagonal line through it. Pause Icon A two-lined pause icon for stopping interactions. Quote Mark A opening quote mark. Quote Mark A closing quote mark. Arrow An icon of an arrow. Folder An icon of a paper folder. Breaking An icon of an exclamation mark on a circular background. Camera An icon of a digital camera. Caret An icon of a caret arrow. Clock An icon of a clock face. Close An icon of the an X shape. Close Icon An icon used to represent where to interact to collapse or dismiss a component Comment An icon of a speech bubble. Comments An icon of a speech bubble, denoting user comments. Comments An icon of a speech bubble, denoting user comments. Ellipsis An icon of 3 horizontal dots. Envelope An icon of a paper envelope. Facebook An icon of a facebook f logo. Camera An icon of a digital camera. Home An icon of a house. Instagram An icon of the Instagram logo. LinkedIn An icon of the LinkedIn logo. Magnifying Glass An icon of a magnifying glass. Search Icon A magnifying glass icon that is used to represent the function of searching. Menu An icon of 3 horizontal lines. Hamburger Menu Icon An icon used to represent a collapsed menu. Next An icon of an arrow pointing to the right. Notice An explanation mark centred inside a circle. Previous An icon of an arrow pointing to the left. Rating An icon of a star. Tag An icon of a tag. Twitter An icon of the Twitter logo. Video Camera An icon of a video camera shape. Speech Bubble Icon A icon displaying a speech bubble WhatsApp An icon of the WhatsApp logo. Information An icon of an information logo. Plus A mathematical 'plus' symbol. Duration An icon indicating Time. Success Tick An icon of a green tick. Success Tick Timeout An icon of a greyed out success tick. Loading Spinner An icon of a loading spinner. Facebook Messenger An icon of the facebook messenger app logo. Facebook An icon of a facebook f logo. Facebook Messenger An icon of the Twitter app logo. LinkedIn An icon of the LinkedIn logo. WhatsApp Messenger An icon of the Whatsapp messenger app logo. Email An icon of an mail envelope. Copy link A decentered black square over a white square.

Concern as personal data of 284 diabetic patients breached at NHS Highland

Disgruntled patients can often seek compensation. Image: DC Thomson
Disgruntled patients can often seek compensation. Image: DC Thomson

A data breach at NHS Highland has led to the personal information of 284 patients with diabetes being shared with more than 30 people.

The error, which occurred on Tuesday November 17, led to the names, dates of births, contact information and hospital identification numbers of the patients being revealed.

The information had been stored in a spreadsheet and included recorded notes of when patients attended or were offered training.

NHS Highland referred itself to the Information Commissioner’s Office (ICO) over the incident the following day and has contacted patients affected via a letter.

No personal information relating to medical history was shared.

One patient whose details were breached said: “I have significant concerns with how NHS Highland has handled this.

“As a public sector organisation, you expect much stricter controls on information handling.

“The letter they have sent does not suggest a high degree of ownership of the problem.

“Knowing there have been previous incidents similar to this does not fill me with great confidence.

“It is disappointing.”

In June 2018, an email blunder led to the names and email addresses of 37 patients with HIV being revealed by NHS Highland, which the health board later apologised for. 

In a letter to victims of the latest breach, David Park, deputy chief executive of NHS Highland said that “regrettably” a data security incident that involves personal patient data had occurred offering his “most sincere apologies”.

He continued: “We deeply regret that this incident occurred” adding that a review of internal controls is being undertaken to “reduce the risk of this happening in the future”.

Individuals who received the excel spreadsheet containing the confidential information are being requested to delete the file by the health board with confirmation sought that the process has been followed through.

Pam Dudek, NHS Highland’s chief executive said: “NHS Highland has directly contacted all of the patients affected by this data breach to apologise unreservedly.

“We have reported the incident to the Information Commissioner and are holding an investigation into this matter.

“31 people were sent information of a patient list of 284 people including contact details and date of birth.

“No medical information was included other than the name of the clinic.”

An ICO spokeswoman said: “We have been made aware of an incident by NHS Highland and will be looking into the details.

“All organisations have a duty to protect the personal information in their care.”

Regional MSP David Stewart has written to NHS Highland’s chief executive Pam Dudek regarding the data breach after being contacted by a patient involved.

He said: “Data and confidential information of national health service patients must be treated in the strictest confidence by those handling it.

“I am aware that there is tremendous pressure on front-line staff, not only on nurses and clinical staff, but on administration staff, due to the pandemic.

“However, this is serious and the second time in 17 months that an NHS Highland data breach has been raised with me.

“The last time I asked the First Minister, in the Scottish Parliament, about a breach involving HIV patients she admitted that ‘clearly there had been failings’ and the safeguarding of patient data was ‘of the utmost importance’.

“I believe the Information Commission has been informed of this latest breach and I hope that reassurances can be given once and for all that systems have been changed to stop this happening again.”

Back in July, the health board lodged an investigation after a bag containing Covid-19 tests was found at the side of a Highland road.