Page last updated at 12:59 GMT, Wednesday, 26 November 2008

Health boards 'broke data laws'

X-rays found at Law Hospital, Pictures by Darren Edmond
X-rays were found at the old Law Hospital in Lanarkshire

Two Scottish health boards broke data protection laws by leaving patients' personal information at abandoned hospitals, it has been ruled.

In May, it was revealed that documents had been discovered at Strathmartine Hospital on the outskirts of Dundee.

Then in July a similar find was made at the former Law Hospital in Carluke.

The Information Commissioner's Office (ICO) has found NHS Tayside and NHS Lanarkshire guilty of breaching the Data Protection Act.

The ICO has demanded that both health boards sign an agreement to follow the Data Protection Act and stick to recommendations made recently by NHS Quality Improvement Scotland to make sure it does not happen again.

If they do not comply, further enforcement action is likely and could result in prosecution.

The BBC Scotland news website revealed in July that amateur photographers had found x-rays, photographs and other paperwork at the old Law Hospital.

Some of the documents had been marked "confidential".

A couple of months earlier it had been revealed that a member of the public had found personal information at Starthmartine - including details of a girl's adoption and a child with foetal alcohol syndrome.

Clearly health records can contain particularly sensitive information
Ken Macdonald
Information Commissioner's Office

A report found that NHS Tayside had repeatedly been warned about the documents but only made sure they were all removed when the issue broke in the media.

Following the discoveries, NHS Quality Improvement Scotland drew up a number of recommendations, which the Health Secretary Nicola Sturgeon accepted.

Ken Macdonald, assistant commissioner for Scotland at the ICO, said: "The Information Commissioner's Office takes all breaches of data security seriously.

"Clearly health records can contain particularly sensitive information and must be held securely and disposed of appropriately when no longer required.

"It is also a serious concern that both NHS Tayside and NHS Lanarkshire were keeping information for longer than necessary.

"We have ordered both NHS bodies to comply with the Data Protection Act in future or risk further enforcement action by the ICO."

A spokeswoman for NHS Tayside said: "Since the incident at Strathmartine we have reviewed all our medical records and information systems procedures and taken steps to ensure we are in compliance with the Data Protection Act."

Print Sponsor


SEE ALSO
New rules to protect patient data
03 Oct 08 |  Glasgow, Lanarkshire and West
NHS records left despite warnings
03 Oct 08 |  Tayside and Central
Medical notes found in empty flat
16 Sep 08 |  Edinburgh, East and Fife
Scrutiny call after files found
11 Jul 08 |  Glasgow, Lanarkshire and West
Files found in abandoned hospital
11 Jul 08 |  Glasgow, Lanarkshire and West
Patient files found 'scattered'
11 Jul 08 |  Glasgow, Lanarkshire and West
Data watchdog probes health board
23 May 08 |  Tayside and Central
Probe into dumped health records
22 May 08 |  Tayside and Central

RELATED INTERNET LINKS
The BBC is not responsible for the content of external internet sites


FEATURES, VIEWS, ANALYSIS
Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit

BBC iD

Sign in

BBC navigation

Copyright © 2019 BBC. The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.

Americas Africa Europe Middle East South Asia Asia Pacific