NHS Orkney sends coronavirus test results to local business by mistake

NHS Orkney apologised for the data breach, which it said was caused by “administrative error”.

All of the 51 patients involved have been contacted and the business has deleted the personal data it received.

The health board has reported the incident to the Information Commissioner’s Office.

Julie Colquhoun, head of corporate services at NHS Orkney, said: “I can confirm that on May 15 data on 51 patients was sent to a local business in error.

“This data comprised patient names, addresses and the results of Covid-19 testing.

“Following investigation it is clear this was an isolated case of administrative error.

“We have written to all the patients affected to make them aware of this incident and apologise to them.

“This has also been reported to the Information Commissioner’s Office.

“NHS Orkney takes the management of patient data extremely seriously and all staff have been reminded of the correct procedures to follow.

“I would like to take this opportunity to apologise again to those people affected.”

A spokesman for the Scottish Government said the administration is aware of the data breach.

He added: “All staff and patients involved were subsequently contacted by NHS Orkney to explain the data breach and the recipient organisation has been contacted and has deleted the personal information they received erroneously.

“NHS Orkney has informed the Information Commissioner’s Office of the breach. This was not a cyber-attack but a result of human error.

“NHS Orkney will be fully investigating the incident to understand any failings and what lessons can be learned.

“This incident will be taken through their process to ensure data-handling practices and staff training is reviewed, and process improvements are identified and put into action.

“The Scottish Government takes the data protection rights of the people of Scotland seriously and will do everything in our power to ensure that lessons are learned and this doesn’t happen again.”

Nicola Sturgeon was questioned at the Scottish Government’s coronavirus briefing on whether the data breach would impact public confidence on the Test and Protect contract tracing system.

The First Minister said the NHS Orkney breach was “regrettable” and steps would be taken to ensure there is no repeat.

“Can I stress very, very strongly that issues of security, privacy and data protection are taken very seriously within Test and Protect, and will continue to be so,” she said.

“Confidentiality, privacy and security – these are all principles absolutely at the heart of the system because without assurance around these things we will not be able to build the trust that we must build in this system for it to be effective.”

Health Secretary Jeane Freeman said the Scottish Government would ensure a check is in place on how data is handled to ensure any errors made are caught quickly.

She added: “We are investigating this just now with NHS Orkney. As soon as we are clear about the detail of exactly what happened and what steps are being taken to ensure as far as possible it doesn’t happen again, then we will set that out and be very clear about that.”