Fife MSPs have slammed a “major failing” that allowed a bogus nurse to help care for a hospital patient before stealing data.
The unnamed woman gained access to a ward at St Andrews Hospital in February and has never been traced.
And the Information Commissioner’s Office (ICO) has rapped NHS Fife after it emerged the woman did not undergo an identity check.
She was handed a document containing 14 people’s personal data.
However, neither the “nurse” nor the document were traced as CCTV was switched off.
North East Fife Liberal Democrat MSP Willie Rennie branded the incident deeply concerning.
And he has called for robust security measures to prevent a repeat occurrence.
Meanwhile, Labour MSP Alex Rowley said it exposed “a catalogue of failure within NHS Fife.”
Health chiefs have apologised to those involved in the breach.
Public must have confidence after ‘alarming incident’
Mr Rennie, whose constituency includes St Andrews, said: “This was an alarming incident and I understand it was deeply concerning for the patients involved.
“It is now up to NHS Fife to reassure patients that their personal data can be kept safe.
“I am glad NHS Fife has already made changes following this incident.
“They must ensure that the Information Commissioner’s recommendations are implemented in full, and that robust security measures are in place to prevent anyone else from being able to do this in future.”
And Mr Rowley, a Mid Scotland and Fife MSP, added: “This was a major failing by NHS Fife that exposes a catalogue of failures.
“I note that NHS Fife state they are taking steps to address the failures that have been exposed.
“But, again, no-one is taking responsibility or being held to account.
“The public must have confidence that people are safe in hospitals.
“And this must be a priority for the senior managers who are in charge of and accountable for the running of our National Health Service here in Fife.”
NHS Fife reported St Andrews Hospital breach to the police
NHS Fife confirmed the incident and said all patients involved and their families were informed.
A spokesperson said: “Earlier this year an individual purporting to be a member of agency nursing staff attended St Andrews Community Hospital.
“The individual was only on a ward for a short period of time and left shortly after being challenged by a member of the nursing team.
“While the person was never alone with any patient, they did have access to a handover document containing information relating to patients on the ward.”
The incident was immediately reported to police and the Information Commissioner’s Office.
The spokesperson added: “A range of additional measures were put in place shortly after the incident to prevent such a matter from occurring again in future.”
Conversation