Hospital intruder posed as a nurse and stole patient information

Woman got as far as helping staff deliver patient care, and left with documentation on more than a dozen patients after being scared off by nursing team member

An intruder posing as an agency nurse entered a hospital ward, helped staff with a patient and then left with personal information of 14 patients, a watchdog found.

The Information Commissioner’s Office (ICO) reprimanded NHS Fife in Scotland about the incident at St Andrews Community Hospital in February.

Police have not identified the woman or recovered the stolen paperwork. The hospital’s CCTV was accidentally switched off by a staff member before the incident, the data protection watchdog said.

NHS Fife said the woman was in the hospital for a short period, was never alone with any patient and left after she was challenged by a member of the nursing team.

Hospital lacked identification checks

The ICO said the fact she was able to help administer care to one patient and was handed a document containing information relating to 14 people was due a lack of identification checks and formal processes. The investigation found the health board failed to have appropriate security measures for personal information, as well as low staff training levels.

NHS Fife has now introduced measures including a sign-in and out system for documents containing patient data, and updated identification processes. A significant adverse event review was conducted and a group has been established to implement the recommendations.

Information breach throws up security questions for all healthcare organisations

ICO head of investigations Natasha Longson said: ‘Every healthcare organisation should look at this case as a lesson learned and consider their own policies when it comes to security checks and authorised access.

‘We are pleased to see NHS Fife has introduced measures to prevent similar incidents in the future.’

NHS Fife said it and Fife Health and Social Care Partnership, which together run the hospital, immediately reported the incident to Police Scotland and notified the ICO.

A spokesperson added: ‘The patients involved and their families were informed of this breach of security. We acknowledge the findings of the ICO and have apologised to those involved.’

Police Scotland confirmed no one has been arrested, despite enquiries.

In other news

• Chronic shortage of sickle cell nurses putting at patients at risk
• New anti-strike code prompts human rights concerns
• Number of UK-trained nurses joining register hits all-time high