Patients in America at Oregon State Hospital’s maximum security ward had their private information improperly shared by a hospital psychiatrist.
It happened on 9th June where a psychiatrist ended up sending six recipients a photograph of a patient census sheet that had a list of patient’s names on it. The psychiatrist sent the image by accident; but this accident caused six people to be able to see patient’s names, treatment information, identification numbers, photos of the patient, and legal status.
A very serious breach!
Understandably, patients are very upset about the data leak. Privacy laws in America are meant to prevent leaks of such information from happening but here patients were failed. The name of the psychiatrist who caused the data breach has not been released, and the hospital has said that, despite the breach, patient information was not misused.
The psychiatrist who committed the breach did report the incident, and those who were sent the data have given the hospital confirmation that the data had been deleted.
Laws in America are similar to the UK in terms of the misuse of private information. Having helped patients for serious breaches like this here in the UK, we know all too well how distressing it can be for the victims to learn that their confidential and sensitive information has been shared with people it shouldn’t have.
Staff using mobile phones
The hospital is currently reviewing its practices and the patients at the hospital have been informed of this. However, mobile phone use seems to be a common thing at the hospital.
Douglas Styles, a 44-year-old patient at the hospital, said “We’ve seen staff with cell phones under their desk accessing their personal information or emails. They’re not supposed to be doing that at work.”
We recently ran the Capita data breach story where a benefits assessor was using his mobile phone to take snaps of benefit claim forms here in the UK to prove he had done them. With mobile phone technology these days allowing us to collect and share information so easily, it’s a real concern moving forward.
The psychiatrist has now been told not to keep private health information on a mobile phone, but the psychiatrist should not have been doing this anyway. It does raise questions of how much information healthcare professionals have stored on their phone about patients, and what information could potentially be leaked.
Highlighting an issue
Staff are allowed to use their mobiles phones at the hospital but need permission to be able to take any information off the hospital premises. Although this data leak has taken place in America, it does highlight potential concerns for UK patients because similar practices occur. With data leaks by the NHS being the most common in the UK, do we really know who has access to our personal data; how they are storing it; and who has had access to it by mistake?
The psychiatrist in America who caused the data leak has been retrained on information privacy in accordance with the hospitals mandatory annual training. This type of data leak should not have taken place at all, and it does raise the question of whether mandatory retraining is sufficient enough in dealing with the seriousness of the effect that a data leak can have on a person.
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.
Request a call back from our team
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.