The health trust in charge of Watford General Hospital and St Albans City Hospital has been forced to apologise after thousands of staff details were sent to private email accounts.
Personal information including staff names, national insurance numbers, addresses, salaries, professional registration and if supplied by the staff members, sexuality and religion, were sent by two members of staff to their personal email accounts.
Sam Jones, the trust’s chief executive confirmed no patient details were leaked and said the data had been sent to the accounts so staff could work out of office.
West Hertfordshire Hospitals NHS Trust revealed there were three separate breaches. One incident saw a member of the trust email their personal account with around 4,000 members of staff’s details.
Another member of staff emailed their own account with around 1,500 employee details.
A third breach saw a staff member email another NHS trust with around 740 staff details.
However, the trust said the staff were now facing disciplinary action.
Samantha Jones, Chief Executive of the West Hertfordshire Hospitals NHS Trust said: "I have today written to our staff to let them know of three information governance breaches which we have reported to the Information Commissioner’s Office.
"On two separate occasions, two members of staff sent staff data to their personal email address so that they could work on it whilst out of office. This is against trust policy and the staff members will be subject to appropriate disciplinary procedures.
"In addition, on a third occasion, staff data was accidentally sent to a staff member at another NHS trust.
"I can confirm that the data has been deleted from all three email accounts to which it was sent, which means the risk for our staff is minimal.
"I have launched an investigation into what happened and we will share the outcome with our staff.
"We have also taken some immediate steps to help prevent it happening again, introducing an automatic IT block on similar emails being sent reminding staff of our email security protocols; providing additional training and education for staff around the handling of personal identifiable information.
"In addition, I have commissioned an independent review of our approach to information governance to ensure we have the safest possible systems in place.
"I have apologised on behalf of the trust board to our staff and we have established an information line for those who may have questions.
"We also advised them that although the emails have been deleted and the risk to their personal data security is minimal, they should remain vigilant and report any irregular activity."
Watford’s MP Richard Harrington praised the measures introduced by the trust to combat the breach.
He said: "Whilst it is of course disappointing that this has occurred, and is clearly against trust procedure, I welcome the immediate steps taken by the Trust to rectify this and to ensure that it cannot happen again.
"The automatic IT block should ensure that there is no possibility of anything being sent to a personal email address in the future, and Sam Jones will report back to me with the findings of the independent review when that concludes"
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules hereLast Updated:
Report this comment Cancel