Thousands of hospital workers affected as personal details emailed to private addresses
Samantha Jones wrote to staff at Hemel Hempstead, Watford and St Albans hospitals earlier this month to let them know of three information governance breaches, which were self-reported to the Information Commissioner’s Office.
Ms Jones said: “On two separate occasions, two members of staff sent staff data to their personal email address so that they could work on it whilst out of the office.
Advertisement
Hide AdAdvertisement
Hide Ad“This is against Trust policy and the staff members will be subject to appropriate disciplinary procedures.
“In addition, on a third occasion, staff data was accidentally sent to a staff member at another NHS trust.
“I can confirm that the data has been deleted from all three email accounts to which it was sent, which means the risk for our staff is minimal.”
The breach did not relate to patient data and an investigation will be launched.
Advertisement
Hide AdAdvertisement
Hide AdThe Trust has also taken some immediate steps to help prevent the error happening again, including introducing an automatic IT block on similar emails being sent, reminding staff of our email security protocols and providing additional training and education for staff around the handling of personal identifiable information.
Ms Jones continued: “I have apologised on behalf of the Trust Board to our staff and we have established an information line for those who may have questions.
“We also advised them that although the emails have been deleted and the risk to their personal data security is minimal, they should remain vigilant and report any irregular activity.”
The type of data which was leaked included information such as name, date of birth, national insurance (NI) number, address, salary, professional registration and, if supplied by the staff member, sexuality and religion:
Advertisement
Hide AdAdvertisement
Hide AdIn total, more than 4,000 staff were affected across the three breaches.