Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

Fake nurse entered hospital ward and left with patients’ data, says watchdog

The CCTV had been accidentally turned off so the person involved has not been identified or caught.

Pa Scotland Reporter
Tuesday 28 November 2023 12:20 EST
The incident happened at St Andrews Community Hospital in Fife (Yui Mok/PA)
The incident happened at St Andrews Community Hospital in Fife (Yui Mok/PA) (PA Archive)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

A person posing as a nurse entered a hospital ward, helped staff with a patient and then made off with personal information from 14 patients, a watchdog has found.

Police have been unable to identify the person or recover the lost paperwork as their progress has been hindered by the CCTV having being accidentally switched off by a staff member, the Information Commissioner’s Office (ICO) said.

The data protection watchdog has reprimanded NHS Fife after the incident at St Andrews Community Hospital in February.

The health board said the person, “purporting to be an agency nurse” was in the hospital for a short period and left after being challenged by staff.

The data was taken off site by the person and has not been recovered

Information Commissioner's Office report

The ICO said the unauthorised person gained access to the ward and then, “due to a lack of identification checks and formal processes”, they “assisted with administering care to one patient” and were handed a document containing the personal information of 14 people.

The ICO said: “The data was taken off site by the person and has not been recovered.

“While the hospital had CCTV installed, the wall socket with the CCTV had been accidentally turned off by a member of staff prior to the incident.

“The police have not been able to identify the person or recover the lost data, hindered by the lack of CCTV footage.”

The watchdog’s investigation found NHS Fife failed to have appropriate security measures for personal information, as well as low staff training rates.

Following the incident, NHS Fife introduced new measures including a sign in and out system for documents containing patient data, and updated identification processes.

Natasha Longson, ICO head of investigations, said: “Patient data is highly sensitive information and must be handled with the appropriate security.

“When accessing healthcare and other vital services, people need to trust that their data is secure and only available to authorised individuals.

“Every healthcare organisation should look at this case as a lesson learned and consider their own policies when it comes to security checks and authorised access.

“We are pleased to see NHS Fife has introduced new measures to prevent similar incidents from occurring in the future.”

A NHS Fife spokesperson said: “Earlier this year, an individual purporting to be a member of agency nursing staff attended St Andrews Community Hospital.

“The individual was only on a ward for a short period of time and left shortly after being challenged by a member of the nursing team. While the person was never alone with any patient, they did have access to a handover document containing information relating to patients on the ward.

“NHS Fife and Fife Health and Social Care Partnership, who operate the facility, immediately reported the incident to Police Scotland and also referred the incident to the Information Commissioners Office. The patients involved and their families were informed of this breach of security.

“We acknowledge the findings of the Information Commissioners Office, and have apologised to those involved.”

The health board said measures have been put in place to prevent a recurrence and a significant adverse event review has been held, with a group established to implement the recommendations of the commissioner and the review.

North East Fife MSP, and former Scottish Liberal Democrat leader, Willie Rennie said the incident was “alarming” and called for “robust security measures” to prevent any repeat.

A Police Scotland spokesperson said: “Around 3.40pm on Wednesday, February 1 2023, we received a report of a woman posing as a member of staff at St Andrews Community Hospital, St Andrews.

Inquiries have been carried out and nobody has been arrested.”

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in