Trusts fail to discipline staff over data breaches

NHS managers are failing to take action against staff who are involved in data breaches, according to the GP magazine Pulse.

The magazine says it used the Freedom of Information Act to obtain information about breaches of confidentiality and data losses from 47 NHS organisations.

It found there had been188 reported incidents of staff breaching privacy rules or accessing patient data without authorisation, and 75 reported incidents of staff losing data, since January 2007.

However, it says just 14 of these incidents were followed up with formal disciplinary action, and that this tended to take the form of a verbal or written warning. None of the trusts reported suspending or dismissing staff.

The incidents uncovered included major and well known incidents, such as the theft of a laptop containing the bank details of staff at Royal Cornwall Hospitals NHS Trust. However, most were relatively minor, such as faxes going astray and confidential records being disposed of inappropriately.

A number of trusts also reported staff inappropriately accessing patient records “for purposes not related to healthcare.” Most trusts reported they had simply advised the employees responsible of the correct procedures or sent them for "retraining."