EXCLUSIVE: Perthshire woman 'felt sick' after THIRD NHS Tayside data breach

15 Dec 2024, 08:00 by Ellidh Aitken · The Courier

A Perthshire woman says she “felt sick” after discovering she had been the victim of a third NHS Tayside data breach.

Amanda Flood, 57, from Inchture, was previously left “devastated” when a Ninewells Hospital worker twice snooped on her medical records.

The retired medical secretary discovered her details – including her date of birth, address and hospital appointments – had been accessed between 2021 and 2022.

Amanda received an apology from NHS Tayside at the time.

However, in October this year, she received another letter stating that her personal details had been mistakenly sent to a patient.

Inchture woman ‘couldn’t believe it’ after discovering third NHS Tayside breach

The letter, seen by The Courier, said a spreadsheet with Amanda’s name, patient hospital number, email address, home address and phone number had been “sent to an individual in error”.

No medical records were shared as part of the latest breach.

Amanda said: “I just couldn’t believe it.

“I felt sick, really sick – talk about insult to injury.

The main entrance to Ninewells Hospital. Image: Kim Cessford/DC Thomson

“I am just annoyed. They said they were happy to speak to me about it but I haven’t contacted them.

“They won’t do anything about it and to get them to do anything is such an ordeal.

“The only thing I have taken out of it is that no medical details were involved.

“I am a bit relieved at that but they sent so many other details to this patient.

“I get human error but they should be taking steps to avoid this before it happens.”

NHS Tayside data breach was ‘human error’

Amanda got back in touch with The Courier after we reported on another NHS Tayside breach, where it released the medical records of 125 patients.

The breach of her details came in a spreadsheet used by the health records department at Ninewells to track subject access requests (SAR), where people can ask for information held in their name by NHS Tayside.

The NHS Tayside letter said the breach had been down to a “single incidence of human error and steps have been taken to prevent this incident from happening again”.

It was reported to watchdog the Information Commissioner’s Office but no further action was taken.

Health board apologises after data breach

A spokesperson said NHS Tayside wrote to everyone affected in October to “sincerely apologise” for the error.

The spokesperson added: “Medical records have not been shared and were not part of this breach.

“This was a single incidence of human error, but we are aware of the impact this may have on individuals affected.

NHS Tayside has apologised. Image: Steve Brown/DC Thomson

“We took a number of steps in response to the incident, including changes to document access controls and storage processes.

“All staff within the department were reminded of their data protection responsibilities and have undertaken the mandatory safe information handling training.”

In September, The Courier took a look at seven times the health board had been forced to say sorry in the past two years.