1. Who has accessed my records?
Unfortunately during this investigation poor computer etiquette was also identified and therefore we are unable to validate the specific individual concerned.
It should also be noted that the ICO investigation is ongoing, therefore we are limited in how much information we can release.
2. What is their job role at the Trust?
The employee who has inappropriately accessed your record is a member of our staff who has legitimate access to our electronic health record system; for example a medical professional or clinical administrator.
3. What safeguarding systems are in place?
To gain access to any systems staff are required to undertake training before access is granted. Each staff member is given a unique username therefore the Trust is able to run an audit as to who has accessed a patient records.
We mandate Information Governance training, our Confidentiality Code of Conduct and professional codes of practice, these now have all been reiterated to the staff in question.
4. How many occasions were my records viewed?
This can be provided upon request, please contact the Trust on firstname.lastname@example.org.
5. What dates / times were my records viewed?
This can be provided upon request, please contact the Trust on email@example.com
6. What records have they viewed?
It is possible that clinical documentation such as blood results, care pathways, medication, secretary letters & discharge letters have been accessed
7. What action is taken with staff who inappropriately access records?
Appropriate action is taken in any case where an employee is found to have inappropriately accessed records. Depending on the circumstances, consideration is given to the following actions to ensure the same issue does not occur again.
Action in line with the Trust’s Disciplinary Policy
Education and re-training
Referral to the ICO
Referral to the staff member’s professional body
8. How many other members of the public have been affected?
2,172 members of the public have been affected by this incident.
9. Can I get access to my personal records to review what could have been accessed?
Yes, details about our Subject Access Requests can be found by clicking here.
10. What will happen moving forward now that I’ve got in touch? Will you keep in touch with any developments etc.?
This incident is still an ongoing criminal investigation with the Information Commissioner’s Office. Once the ICO has concluded its investigation we will post an update on the Trust website and can contact you directly if you wish us to.
11. Can I arrange a meeting with a senior member of Trust staff to receive an apology in person?
Yes, you can have a meeting with our Data Protection Officer or senior member of the Trust. If you would like to arrange this please contact us on firstname.lastname@example.org.
If you have been affected by the letter and feel that you need additional support please contact your GP Practice or alternative North West Boroughs Healthcare NHS Foundation Trust by click here. You can also contact them on 01925 664 000.
To see how the Trust uses your data and also how we keep it secure please see the How we use your Personal Information leaflet by clicking here