Calendar An icon of a desk calendar. Cancel An icon of a circle with a diagonal line across. Caret An icon of a block arrow pointing to the right. Email An icon of a paper envelope. Facebook An icon of the Facebook "f" mark. Google An icon of the Google "G" mark. Linked In An icon of the Linked In "in" mark. Logout An icon representing logout. Profile An icon that resembles human head and shoulders. Telephone An icon of a traditional telephone receiver. Tick An icon of a tick mark. Is Public An icon of a human eye and eyelashes. Is Not Public An icon of a human eye and eyelashes with a diagonal line through it. Pause Icon A two-lined pause icon for stopping interactions. Quote Mark A opening quote mark. Quote Mark A closing quote mark. Arrow An icon of an arrow. Folder An icon of a paper folder. Breaking An icon of an exclamation mark on a circular background. Camera An icon of a digital camera. Caret An icon of a caret arrow. Clock An icon of a clock face. Close An icon of the an X shape. Close Icon An icon used to represent where to interact to collapse or dismiss a component Comment An icon of a speech bubble. Comments An icon of a speech bubble, denoting user comments. Comments An icon of a speech bubble, denoting user comments. Ellipsis An icon of 3 horizontal dots. Envelope An icon of a paper envelope. Facebook An icon of a facebook f logo. Camera An icon of a digital camera. Home An icon of a house. Instagram An icon of the Instagram logo. LinkedIn An icon of the LinkedIn logo. Magnifying Glass An icon of a magnifying glass. Search Icon A magnifying glass icon that is used to represent the function of searching. Menu An icon of 3 horizontal lines. Hamburger Menu Icon An icon used to represent a collapsed menu. Next An icon of an arrow pointing to the right. Notice An explanation mark centred inside a circle. Previous An icon of an arrow pointing to the left. Rating An icon of a star. Tag An icon of a tag. Twitter An icon of the Twitter logo. Video Camera An icon of a video camera shape. Speech Bubble Icon A icon displaying a speech bubble WhatsApp An icon of the WhatsApp logo. Information An icon of an information logo. Plus A mathematical 'plus' symbol. Duration An icon indicating Time. Success Tick An icon of a green tick. Success Tick Timeout An icon of a greyed out success tick. Loading Spinner An icon of a loading spinner. Facebook Messenger An icon of the facebook messenger app logo. Facebook An icon of a facebook f logo. Facebook Messenger An icon of the Twitter app logo. LinkedIn An icon of the LinkedIn logo. WhatsApp Messenger An icon of the Whatsapp messenger app logo. Email An icon of an mail envelope. Copy link A decentered black square over a white square.

NHS Grampian under fire after patient records found lying in supermarket

Aberdeen Royal Infirmary
Aberdeen Royal Infirmary

Papers containing sensitive patient information were left lying in a supermarket and public areas of the north-east’s flagship hospital.

Troubled NHS Grampian has now been warned it faces a fine of up to half a million pounds if it does not tighten-up its data protection procedures.

The health board insisted last night it took its responsibility to keep patients’ details confidential “very seriously”.

But shocked north-east MSPs said a string of breaches was “totally unacceptable” and urged the board bosses to improve standards immediately.

The Information Commissioner’s Office (ICO) has already issued an enforcement notice ordering NHS Grampian to make improvements to its practices after papers were abandoned in public areas of Aberdeen Royal Infirmary on five occasions over a 13-month period.

A sixth incident involved papers found discarded at a local supermarket.

The records were all returned to the health board. The last incident was on March 28.

And ICO’s investigation found that NHS Grampian did not have a register identifying the personal information held and the department responsible for looking after it.

It said the health board had failed to plug a gap in its procedures which was first discovered by the commissioner as long ago as December 2011.

ICO assistant commissioner for Scotland, Ken Macdonald, said: “It’s a fundamental requirement of the Data Protection Act that organisations understand what personal information they hold and who is responsible for looking after it on a day-to-day basis.

“NHS Grampian failed to do this, despite committing to addressing this problem when our office highlighted it as an issue during an audit three years ago.

“We hope this enforcement notice gives the organisation a further chance to put their house in order and look after the information of the people they serve.”

Mr Macdonald said failure to comply with the notice was a criminal offence.

“If any further breaches occur, we do not rule out taking further regulatory action, including fining the organisation up to £500,000,” he added.

The health board has until June 29 next year to complete an information asset register.

NHS Grampian is currently facing a staffing crisis and its chief executive Richard Carey and board chairman Bill Howatson have both resigned amid criticism of its management by senior clinicians.

Last week, civil liberties group Big Brother Watch released information which showed there were 23 data protection incidents involving NHS Grampian workers between 2011-14.

North-east Conservative MSP Nanette Milne said: “It is totally unacceptable that private and confidential information held on patients in Grampian is not 100% secure.”

Aberdeen Donside SNP MSP Mark McDonald said: “This is a very serious finding which I expect NHS Grampian will take urgent action to address.”

North-east Labour MSP Richard Baker said: “It is not acceptable that patients’ personal information has been left in public areas and there is the threat of a £500,000 fine that the board simply can’t afford.”

North-east Liberal Democrat MSP Alison McInnes said the board must take a “vigilant approach” when it came to protecting confidential patient information.

A spokeswoman for NHS Grampian said it was “fully committed” to meeting the commissioner’s demands.

“All the incidents were investigated in full at the time, and we took any necessary actions to reinforce correct practice,” she added.

“There are millions of occasions that patient data is handled by staff and we take the issue of data protection very seriously.

“We regularly train our staff in the importance and procedures covering data protection for the people we serve, and will continue regular training and awareness raising.”