Your browser is no longer supported

For the best possible experience using our website we recommend you upgrade to a newer version or another browser.


Your browser appears to have cookies disabled. For the best experience of this website, please enable cookies in your browser

We'll assume we have your consent to use cookies, for example so you won't need to log in each time you visit our site.
Learn more

High number of IT guideline breaches in Scotland

  • Comment

NHS staff in Scotland breached IT guidelines almost 500 times in the past three years, according to new statistics.

A total of 481 breaches were recorded by health boards from 2010, according to data gathered by the Conservatives under Freedom of Information legislation.

Incidents included sharing passwords, swearing in emails, inappropriate Facebook comments and staff installing banned software on health board computers.

The data shows that at least 195 breaches were recorded last year, with at least 170 recorded in 2011 and 109 in 2010.

Two boards, Tayside and Dumfries and Galloway, gave figures for the three-year period instead of a yearly breakdown, totalling seven cases.

At least 15 workers have been sacked or resigned as a result of the breaches while others were even given counselling, though some health boards refused to detail what disciplinary action had been taken.

The Conservatives said the true numbers are expected to be much higher because Scotland’s largest health board - Greater Glasgow and Clyde - did not provide its figures.

Conservative health spokesman Jackson Carlaw said: “More and more sensitive information in hospitals is being held electronically, including patient records and highly-confidential data.

“As a result, we need to ensure those who have access act completely responsibly to ensure it doesn’t end up in the wrong hands.

“The fact this trend appears to be increasing is very concerning, particularly when you consider high-profile incidents of data loss over recent years.

“I’m sure the vast majority of these breaches have been committed accidentally but that makes it even more critical that the NHS IT system is secure and resilient to such gaffes.”

A Scottish government spokeswoman said: “IT security is a matter for individual health boards, however we take security in hospitals and the confidentiality of patient data very seriously - and any breach is completely unacceptable.

“That is why we have made significant investment and improvement in IT security and staff training over the last five years, and as a direct result more incidents or near misses are now being reported.

“We believe this is essential as it allows lessons to be learned, further steps be put into place and staff disciplined if necessary.”

The government said the NHS in Scotland has a total of 165,000 staff working in more than 3,200 buildings and using more than 110,000 computer devices.

  • Comment

Have your say

You must sign in to make a comment

Please remember that the submission of any material is governed by our Terms and Conditions and by submitting material you confirm your agreement to these Terms and Conditions. Links may be included in your comments but HTML is not permitted.