NHS Tayside’s poor handling of data has been in the spotlight again after the medical records of 125 patients were mistakenly released this month.
The health board has faced repeated criticism for wider accidental leaks, errors and worrying delays.
Here is every NHS Tayside data breach that has emerged publicly in the last two years.
1 – Staff personal details leaked
It’s not just angry patients who have been affected by bungled record management.
In August 2023, NHS Tayside staff were “raging” after their personal details were shared.
A Microsoft Excel spreadsheet containing sensitive information about employees was sent in error to the corporate equalities team.
It’s understood the leaked data included contact details, next of kin and, most worryingly, private details.
2 – Patient paperwork goes missing
Just weeks later the health board made another blunder.
Health chiefs were forced to apologise after paperwork for hundreds of patients went missing.
Details of patients’ mental health and learning disabilities were contained in the documents.
NHS Tayside sent a letter to nearly 500 people affected and said “significant time” had been spent trying to track down the files.
3 – Perthshire woman victim in three breaches
Perthshire woman Amanda Flood was “devastated” to find out a Ninewells Hospital worker twice snooped on her records.
Details including her name, date of birth, address, and hospital appointments were accessed on two separate occasions.
Ms Flood, from Inchture, discovered the breach in March 2023, when it was reported to NHS Tayside and Police Scotland.
We then revealed earlier this month she had been a victim of yet another breach.
In October, Ms Flood received a letter revealing her personal details had mistakenly been sent to a patient.
4 – Primary school files lost
In February we revealed NHS workers lost documents containing personal details about primary one pupils.
Parents at Eastern Primary School in Broughty Ferry were “furious” over the major error.
Files were lost by a health board staff member while they were taking height and weight measurements of the young schoolchildren.
Tayside chiefs told parents the data had not been recovered despite an “extensive search”.
5 – Eljamel patients have complaints upheld
In August The Courier revealed NHS Tayside had broken data protection rules over its handling of a patient’s records.
Alan Ogilvie is a victim of the disgraced ex-Dundee surgeon Sam Eljamel.
Mr Ogilvie complained after he had to wait more than four months for his data to be handed over.
The UK Information Commissioner upheld his complaint and said the health board failed to respond within the legal timeframe.
He is not the only Eljamel patient to experience delays to accessing data.
In March 2024, Kinross campaigner Jules Rose was vindicated after lodging a similar complaint with the Information Commissioner.
In November, it was also revealed Eljamel victims were among 657 patients who had their private details leaked.
Campaigners including Ms Rose were shocked to find out their personal details had accidentally been sent to a member of the public.
6 – False claim over deleting HIV patient’s records
The health board was under fire again a month later after falsely claiming to have deleted a Dundee HIV patient’s historic data.
The local resident, a witness to the UK infected blood inquiry, has been locked in a battle with the health board to obtain records dating back decades.
“I’m exhausted, frustrated, and angry,” the patient told The Courier.
At the time of writing, the patient is yet to receive the data they requested.
7 – 125 patient records released in error
NHS Tayside launched an internal review last week after the data of 125 patients was released by mistake.
The Courier had submitted a request asking for the number of people treated for animal-related injuries in recent months.
Instead the health board sent us a spreadsheet with the home addresses, birthdates, and health conditions of more than 100 patients.
Tayside bosses apologised and said the internal probe will look to improve data security.
But patients affected by major breaches will be sceptical about that happening anytime soon.
A spokesperson for NHS Tayside said: “Everyone working within NHS Tayside has a duty to look after information.
“All staff are required to undertake mandatory training.
“All breaches of data protection are recorded and investigated.
“NHS Tayside’s chief executive has recently commissioned a learning review.”
Conversation