NHS staff in Fife have been reported for breaching IT guidelines in hospitals more than any other health board area in Scotland over the past three years, according to figures published by the Scottish Conservatives.
The figures highlighted 187 Fife incidents where staff were found sharing passwords, swearing in emails, making inappropriate Facebook comments and installing banned software on health board computers since 2010.
The figures showed that in Tayside three incidents were recorded.
But NHS Fife said the number of incidents recorded were down to their zero-tolerance approach to IT breaches, with Fife the first area in Scotland to achieve the recognised standards of combatting the problem.
A total of 487 incidents were recorded in Scotland as a whole. The figures were obtained by the Scottish Conservatives through a Freedom of Information request.
The true numbers are expected to be much higher, with Scotland’s largest health board, Greater Glasgow and Clyde, failing to provide its figures and many others saying significant numbers would have been dealt with at line-manager level, meaning they were not formally recorded.
Responses received from Scotland’s health boards have revealed other offences, including forwarding emails to the wrong recipient and “inappropriate use” of work computers.
Of the 481 breaches noted, 195 took place in 2012, with 170 in 2011 and 109 the year before that.
At least 15 Scottish workers have been sacked or forced to resign, while a handful of others were even given counselling as a result of the offence, though some health boards refused to detail what disciplinary action had been taken.
Scottish Conservative health spokesman and deputy leader Jackson Carlaw MSP said: “More and more sensitive information in hospitals is being held electronically, including patient records and highly confidential data.
“As a result, we need to ensure those who have access act completely responsibly to ensure it doesn’t end up in the wrong hands.
“The fact this trend appears to be increasing is very concerning, particularly when you consider high profile incidents of data loss over recent years.
“I’m sure the vast majority of these breaches have been committed accidentally, but that makes it even more critical that the NHS IT system is secure and resilient to such gaffes.
“The NHS in Scotland is having to tighten its belt. And increasing use of IT can actually help this process. But, as that happens, it’s equally essential the electronic systems in place are not vulnerable to attack or mistaken meltdown.”
Mrs Chris Bowring, director of finance with NHS Fife, said: “NHS Fife is the first board in Scotland to have ISO 27001 accreditation and we take a zero-tolerance approach to IT breaches.
“Our security system monitors all activity, picking up and recording any breaches. Breaches are then followed up and, when necessary, our staff are appropriately disciplined.”
ISO 27001 certification is an internationally-recognised standard that is awarded to those organisations who can demonstrate that their information security management system (ISMS) can identify, manage and minimise the range of risks to which information is regularly subjected in accordance with the International Organisation for Standardisation (ISO).
Mrs Bowring added: “The ISO 27001 audit and certification process focuses on every aspect of our team, including physical infrastructure, site security, personnel capabilities, communications and operations, legal compliance, back-up and disaster recovery systems.”