(01639) 683312
Dyddiad/Date: 20th October 2017
(01639) 684363
xxxx.xxxxxxxx@xxxxx.xxx.xx
Ref: 17-I-043
D. Moore [request-431435-
xxxxxxxx@xxxxxxxxxxxxxx.xxx]
Corporate Administration
ABM Headquarters
1 Talbot Gateway
Baglan
Port Talbot, SA12 7BR
Dear Mr Moore
I refer to your Freedom of Information Act Request acknowledged by ourselves on 29th
September 2017. Your request sought information relating the unauthorised access of
patient records by rogue staff and individuals.
1.
Please provide the name of the computer system you use to flag up
details of potential unauthorised accesses.
The National Intelligent Information Auditing System (NIIAS) is a software
auditing tool available to all Health Boards & Trusts across NHS Wales. It is a
national system and is used to detect potentially inappropriate access to
electronic clinical records where employees may have accessed and/or viewed
data they are not entitled to access.
2.
Please provide copies of any minutes or reports written within the past
two years related to the unauthorized accessing by individuals or staff
of patient records.
IGB briefing papers for February, April, July & September 2017 are attached.
3.
Please provide details of any specific contractual terms individuals/staff
must abide by concerning the accessing of patient records.
The standard contract of employment contains contractual terms regarding
confidentiality. Whilst all job descriptions contain a confidentiality clause which
is as follows ‘In line with the Data Protection Act 1998, the post holder will be
expected to maintain confidentiality in relation to personal and patient
information, as outlined in the contract of employment. The post holder may
access information only on a need to know basis in the direct discharge of duties
and divulge information only in the proper course of duties’.
Bwrdd Iechyd ABM yw enw gweithredu Bwrdd Iechyd Lleol Prifysgol Abertawe Bro Morgannwg
ABM University Health Board is the operational name of Abertawe Bro Morgannwg University Local Health Board
Pencadlys ABM / ABM Headquarters, 1 Talbot Gateway, Port Talbot, SA12 7BR. Ffon / Tel: (01656) 752752
www.abm.wales.nhs.uk
The General Medical Council (GMC), Nursing & Midwifery Council (NMC) and
Health and Care Professions Council (HCPC) have codes of conduct/practice in
relation to patient confidentiality.
4.
Between 1 January 2016 and 30 June 2017, please provide the number
of potential unauthorised accesses that were flagged up.
The NIIS figures reported from 1st January 2016 to 30th June 2017 for ‘potential’
(i.e. not investigated) unauthorised access of ‘own record’ and ‘family member’
records totalled 1698.
5.
Between 1 January 2016 and 30 June 2017, please provide details of
the number of individuals and staff found to have:
i. accessed their own record; and
ii. those of other patients.
Please note prior to August 2016, confirmed records were not recorded by the
Health Board. Therefore the total number of confirmed breaches (i.e
investigated ) between 1st August 2016 to 30th June 2017:
i.
Own record – 292
ii.
Other patients (family member) – 139
6.
Of those who accessed other patients' records, please provide the
number of records each accessed.
The total number of records accessed between 1st August 2016 to 30th June
2017:
1 record – 130
2 records - 7
3 records - <5
4 records - <5
7.
Where disciplinary action was taken, please provide details of the
outcomes - x number received a verbal warning, Y number received a
written warning etc.
The following action was taken:
Verbal Warning – 18
First written Warning – 30
Other outcome (may include dismissal, final warnings etc) – 6
Bwrdd Iechyd ABM yw enw gweithredu Bwrdd Iechyd Lleol Prifysgol Abertawe Bro Morgannwg
ABM University Health Board is the operational name of Abertawe Bro Morgannwg University Local Health Board
Pencadlys ABM / ABM Headquarters, 1 Talbot Gateway, Port Talbot, SA12 7BR. Ffon / Tel: (01656) 752752
www.abm.wales.nhs.uk
8.
Please provide screenshots of a blank electronic patient record. If
different categories of staff have access to different patient information,
please provide screenshots showing the differences. Also specify the
categories of staff to which each screenshot relates."
Screenshots from the Welsh Clinical Portal
I hope this information is helpful. If you require anything further please contact us at
xxxx.xxxxxxxx@xxxxx.xxx.xx.
Under the terms of the Health Board’s Freedom of Information policy, individuals
seeking access to recorded information held by the Health Board are entitled to
request internal review of the handling of their requests. If you would like to complain
about the Health Board’s handling of your request please contact me directly at the
address below or register your complaint vi
a xxxx.xxxxxxxx@xxxxx.xxx.xx.
Bwrdd Iechyd ABM yw enw gweithredu Bwrdd Iechyd Lleol Prifysgol Abertawe Bro Morgannwg
ABM University Health Board is the operational name of Abertawe Bro Morgannwg University Local Health Board
Pencadlys ABM / ABM Headquarters, 1 Talbot Gateway, Port Talbot, SA12 7BR. Ffon / Tel: (01656) 752752
www.abm.wales.nhs.uk
If after Internal Review you remain dissatisfied you are also entitled to refer the matter
to the information commissioner at the Information Commissioner’s Office (Wales), 2nd
Floor, Churchill House, Churchill Way, Cardiff, CF10 2HH. Telephone Number: 029
2067 8400.
Yours sincerely
Steve Combe
Director of Corporate Governance
Bwrdd Iechyd ABM yw enw gweithredu Bwrdd Iechyd Lleol Prifysgol Abertawe Bro Morgannwg
ABM University Health Board is the operational name of Abertawe Bro Morgannwg University Local Health Board
Pencadlys ABM / ABM Headquarters, 1 Talbot Gateway, Port Talbot, SA12 7BR. Ffon / Tel: (01656) 752752
www.abm.wales.nhs.uk
Document Outline