Calendar An icon of a desk calendar. Cancel An icon of a circle with a diagonal line across. Caret An icon of a block arrow pointing to the right. Email An icon of a paper envelope. Facebook An icon of the Facebook "f" mark. Google An icon of the Google "G" mark. Linked In An icon of the Linked In "in" mark. Logout An icon representing logout. Profile An icon that resembles human head and shoulders. Telephone An icon of a traditional telephone receiver. Tick An icon of a tick mark. Is Public An icon of a human eye and eyelashes. Is Not Public An icon of a human eye and eyelashes with a diagonal line through it. Pause Icon A two-lined pause icon for stopping interactions. Quote Mark A opening quote mark. Quote Mark A closing quote mark. Arrow An icon of an arrow. Folder An icon of a paper folder. Breaking An icon of an exclamation mark on a circular background. Camera An icon of a digital camera. Caret An icon of a caret arrow. Clock An icon of a clock face. Close An icon of the an X shape. Close Icon An icon used to represent where to interact to collapse or dismiss a component Comment An icon of a speech bubble. Comments An icon of a speech bubble, denoting user comments. Comments An icon of a speech bubble, denoting user comments. Ellipsis An icon of 3 horizontal dots. Envelope An icon of a paper envelope. Facebook An icon of a facebook f logo. Camera An icon of a digital camera. Home An icon of a house. Instagram An icon of the Instagram logo. LinkedIn An icon of the LinkedIn logo. Magnifying Glass An icon of a magnifying glass. Search Icon A magnifying glass icon that is used to represent the function of searching. Menu An icon of 3 horizontal lines. Hamburger Menu Icon An icon used to represent a collapsed menu. Next An icon of an arrow pointing to the right. Notice An explanation mark centred inside a circle. Previous An icon of an arrow pointing to the left. Rating An icon of a star. Tag An icon of a tag. Twitter An icon of the Twitter logo. Video Camera An icon of a video camera shape. Speech Bubble Icon A icon displaying a speech bubble WhatsApp An icon of the WhatsApp logo. Information An icon of an information logo. Plus A mathematical 'plus' symbol. Duration An icon indicating Time. Success Tick An icon of a green tick. Success Tick Timeout An icon of a greyed out success tick. Loading Spinner An icon of a loading spinner. Facebook Messenger An icon of the facebook messenger app logo. Facebook An icon of a facebook f logo. Facebook Messenger An icon of the Twitter app logo. LinkedIn An icon of the LinkedIn logo. WhatsApp Messenger An icon of the Whatsapp messenger app logo. Email An icon of an mail envelope. Copy link A decentered black square over a white square.

Woman ‘devastated’ after Ninewells worker twice snooped on her records

NHS Tayside has admitted the employee had "no legal basis" to access the Perthshire patient's records.

The data breach happened at Ninewells Hospital in Dundee.
The data breach happened at Ninewells Hospital in Dundee. Image: Kim Cessford/DC Thomson

A Perthshire woman says she has been left “devastated” after a Ninewells Hospital worker twice snooped on her records.

Details including the 56-year-old’s name, date of birth, address and hospital appointments were accessed on two occasions.

The woman, from Inchture, first suspected her data had been breached when the NHS Tayside worker – who she knew personally – let slip private information during an argument between the pair.

The woman was not attending Ninewells at the time but had records from previous treatment at the hospital.

NHS Tayside has since admitted the employee had “no legal basis” to access the records and has apologised for the breach.

Woman ‘incensed’ after Ninewells data breach

The woman, who asked not to be named, told The Courier: “I was incensed when I found out – I just thought, ‘How dare they?’

“When NHS Tayside got back to tell me there had been a breach I was quite devastated.

“I wanted to know what was accessed – I didn’t let it go and have reported it to the police.

“It still bothers me because I think of who the person could have told.

“I am exhausted with this.”

The entrance to Ninewells. Image: Kris Miller/DC Thomson

The woman discovered the breach in March 2023, when it was reported to both NHS Tayside and Police Scotland.

It was also referred to the Information Commissioner’s Office (ICO), which found that the health board had not complied with data protection obligations.

The watchdog upheld the woman’s complaint and made recommendations to NHS Tayside, including mandatory training for staff and updates to procedures.

The woman believes that the employee who accessed her data is still working at Ninewells.

She said: “I worked in the NHS for years and would have lost my job if I did something like this.

“I want people going into Ninewells to know the employee is still there and is still able to access data.”

Health board admits worker had ‘no legal basis’ to breach patient’s confidentiality

In a letter to the Inchture woman, NHS Tayside admitted that her data had been accessed on two occasions – November 10 2021 and April 21 2022.

It said: “NHS Tayside accept that the individual that accessed your records did so inappropriately, with no legal basis to do so, and confirmed to you that this was a breach of your confidentiality in the form of inappropriate access of your health information via the Trakcare patient administration system.

“The data that was accessed within the Trakcare system included your name, address, date of birth, telephone number and information relating to past and future hospital appointments.”

It added: “NHS Tayside wishes to apologise to you again for this breach and assure you that we take the security of your personal data very seriously.

“Due process has been followed by NHS Tayside around the investigation of this data breach.”

NHS Tayside won’t say if worker still employed after Ninewells data breach

NHS Tayside has refused to confirm whether the staff member still works at the hospital.

A spokesperson said: “We have apologised to the woman involved about what has happened and remain in direct contact with her to respond to any outstanding concerns she has.

“NHS Tayside takes the security of patient data extremely seriously and any recorded data breaches are investigated by the Information Governance and Cyber Assurance Team.

“This particular breach was reported to the Information Commissioner’s Office and they have also investigated the matter.

NHS Tayside has apologised for the breach. Image: Steve Brown/DC Thomson

“NHS Tayside has a duty to look after the information that we hold and everyone who processes or accesses information has a responsibility to ensure they comply with data protection legislation, information security and records management.

“Staff are frequently made aware of their responsibilities with respect to data protection and confidentiality, and the need to undertake mandatory information governance training.

“NHS Tayside also has an electronic privacy monitoring system within clinical systems across the organisation to proactively detect unauthorised or inappropriate access to electronic health records.”

A Police Scotland spokesperson said: “We can confirm that police did receive a report regarding this matter on Wednesday March 22 2023 and Friday October 12 2023.

“Advice was given to the reporter and they were advised to contact the relevant agencies.”

Conversation