Unauthorised access of patients' records by rogue staff

The request was partially successful.

Dear Aneurin Bevan University Health Board,

This request concerns the unauthorised access of patient records by rogue staff.

1. Please provide the name of the computer system you use to flag up details of potential unauthorised accesses.

2. Between 1 January 2016 and 30 June 2017, please provide the number of potential unauthorised accesses that were flagged up.

3. Between 1 January 2016 and 30 June 2017, please provide details of the number of individuals found to have:

i. accessed their own record; and
ii. those of other patients.

3. Of those who accessed other patients' records, please provide the number of records each accessed.

4. Where disciplinary action was taken, please provide details of the outcomes - x number received a verbal warning, Y number received a written warning etc.

5. Please provide screenshots of a blank electronic patient record. If different categories of staff have access to different patient information, please provide screenshots showing the differences. Also specify the categories of staff to which each screenshot relates.

Yours faithfully,

D Moore

Dear Aneurin Bevan University Health Board,

By what date should I expect a response?

Yours faithfully,

D. Moore

Dear Aneurin Bevan University Health Board,

I'll contact the Information Commissioner next month about this request if I don't receive a satisfactory response soon.

Yours faithfully,

D. Moore

Rona Button (Aneurin Bevan UHB - Corporate Services), Aneurin Bevan University Health Board

Dear Sir/Madam,

Thank you for your email requesting the response to your Freedom of Information request.

Unfortunately, we cannot find any evidence of having received your original request. If you could provide me with the acknowledgement number issued (FOI 17***) and the date when you submitted your request (or a copy of the original email), we will look into this further for you.

Please accept my apologies that you have not heard from us.

Yours faithfully,

Rona Button
Rheolwr Gwasanaethau Corfforaethol - Rhyddid Gwybodaeth/Corporate Services Manager - Freedom of Information
Bwrdd Iechyd Prifysgol Aneurin Bevan/Aneurin Bevan University Health Board
Ystafell 041, Pencadlys, Ysbyty Sant Cadog, Ffordd y Lodj, Caerllion, Casnewydd, NP18 3XQ/Room 041, Headquarters, St Cadoc's Hospital, Lodge Road, Caerleon, Newport, NP18 3XQ
E-bost/E-mail: [email address]
Ffôn/Tel: Extension 55956 or (01633) 435956 (external)

  Help save paper - do you need to print this e mail?
 Helpwch Achub Papur - Oes angen gennych printio mâs yr e-bost hwn?

Bwrdd Iechyd Prifysgol Aneurin Bevan yw enw gweithredol Bwrdd Iechyd Lleol Prifysgol Aneurin Bevan
Aneurin Bevan University Health Board is the operational name of Aneurin Bevan University Local Health Board

Dear Rona Button (Aneurin Bevan UHB - Corporate Services),

You asked me to resend my FOI request. Here it is:

"This request concerns the unauthorised access of patient records by rogue staff.

1. Please provide the name of the computer system you use to flag up details of potential unauthorised accesses.

2. Between 1 January 2016 and 30 June 2017, please provide the number of potential unauthorised accesses that were flagged up.

3. Between 1 January 2016 and 30 June 2017, please provide details of the number of individuals found to have:

i. accessed their own record; and
ii. those of other patients.

3. Of those who accessed other patients' records, please provide the number of records each accessed.

4. Where disciplinary action was taken, please provide details of the outcomes - x number received a verbal warning, Y number received a written warning etc.

5. Please provide screenshots of a blank electronic patient record. If different categories of staff have access to different patient information, please provide screenshots showing the differences. Also specify the categories of staff to which each screenshot relates."

Yours sincerely,

D. Moore

Rona Button (Aneurin Bevan UHB - Corporate Services), Aneurin Bevan University Health Board

Dear Sir/Madam,

Thank you for your request for information under the Freedom of Information Act received on 27 September and please accept my apologies, once again, that we did not receive your original request. We have allocated it the following reference number, FOI 17377, and will be in contact again shortly. We aim to respond to all Freedom of Information requests within 20 working days from the date of receipt.

You may be interested to know that we have now set up a dedicated email address for Freedom of Information requests, [Aneurin Bevan LHB request email] which you can use for future requests in order to receive a prompt response.

In the meantime, if we can be of any further assistance please do not hesitate to contact me.

Yours faithfully,

Rona Button
Rheolwr Gwasanaethau Corfforaethol - Rhyddid Gwybodaeth/Corporate Services Manager - Freedom of Information
Bwrdd Iechyd Prifysgol Aneurin Bevan/Aneurin Bevan University Health Board
Ystafell 041, Pencadlys, Ysbyty Sant Cadog, Ffordd y Lodj, Caerllion, Casnewydd, NP18 3XQ/Room 041, Headquarters, St Cadoc's Hospital, Lodge Road, Caerleon, Newport, NP18 3XQ
E-bost/E-mail: [email address]
Ffôn/Tel: Extension 55956 or (01633) 435956 (external)

  Help save paper - do you need to print this e mail?
 Helpwch Achub Papur - Oes angen gennych printio mâs yr e-bost hwn?

Bwrdd Iechyd Prifysgol Aneurin Bevan yw enw gweithredol Bwrdd Iechyd Lleol Prifysgol Aneurin Bevan
Aneurin Bevan University Health Board is the operational name of Aneurin Bevan University Local Health Board

Dear Rona Button (Aneurin Bevan UHB - Corporate Services),

By what date should I expect a response?

Yours sincerely,

D. Moore

Will left an annotation ()

Please sign my petition so that I my obtain answers, which the Aneurin Bevan Health Board are refusing to provide me.

https://www.change.org/p/first-minister-...

Will left an annotation ()

Dear D Moore

I have read your FOI and you might be interested in an internal email I received from the Aneurin Bevan Health Board, following a SAR I made.

An extract taken from the email reads as follows: -

"Essentially we have conducted an extensive search of CWS to identify who had accessed the patients files. We used different search criteria such as date of birth, full name, surname only, surname and initial etc. The searches are sometimes difficult and there will be occasions where we cannot identify exactly who accessed what every time - unfortunately the software auditing logs are limited and on this occasion the surname was common which again limited our ability to be definitive e.g. if we found that I had accessed a record of S Smith then I would not be able to confirm from the log whether its Shirley Smith or Steve Smith. This is one of the difficulties we have and I hoped that I had explained this in the letter to the patient and HIW etc.

regards

Richard Howells Head of Information Governance"

I know from my family's ongoing cases, there have been illegal accesses into mine and my brother's health records for years and the ABHB and the HIW are all aiding in the cover up.

It took the ABHB around 5 years to release who had been accessing my records.

The ABHB are closing the complaints without bring the perpetrators to account. The ABHB are victimising my family, even to the point of effecting our treatment, for bringing there criminal acts into the public domain.

I am not sure if you are interested but I have started a petition and I'm intending to bring out more.

https://www.change.org/p/first-minister-...

Wendy Williams

D. Moore left an annotation ()

Will,

Thank you for your informative annotation.

Dear Rona Button (Aneurin Bevan UHB - Corporate Services),

If I receive no meaningful response soon I'll have no option but to contact the ICO.

Yours sincerely,

D. Moore

Rona Button (Aneurin Bevan UHB - Corporate Services), Aneurin Bevan University Health Board

Dear Sir/Madam,

Thank you for your email and please accept my sincere apologies that it has been necessary for you to contact us regarding your Freedom of Information request. We now have all of the information you requested and the response has been put through for approval and sign off. We therefore anticipate being able to provide this to you within the next few days.

Yours faithfully,

Rona Button
Rheolwr Gwasanaethau Corfforaethol - Rhyddid Gwybodaeth/Corporate Services Manager - Freedom of Information
Bwrdd Iechyd Prifysgol Aneurin Bevan/Aneurin Bevan University Health Board
Ystafell 041, Pencadlys, Ysbyty Sant Cadog, Ffordd y Lodj, Caerllion, Casnewydd, NP18 3XQ/Room 041, Headquarters, St Cadoc's Hospital, Lodge Road, Caerleon, Newport, NP18 3XQ
E-bost/E-mail: [email address]
Ffôn/Tel: Extension 55956 or (01633) 435956 (external)

  Help save paper - do you need to print this e mail?
 Helpwch Achub Papur - Oes angen gennych printio mâs yr e-bost hwn?

Bwrdd Iechyd Prifysgol Aneurin Bevan yw enw gweithredol Bwrdd Iechyd Lleol Prifysgol Aneurin Bevan
Aneurin Bevan University Health Board is the operational name of Aneurin Bevan University Local Health Board

show quoted sections

Rona Button (Aneurin Bevan UHB - Corporate Services), Aneurin Bevan University Health Board

1 Attachment

Dear Sir/Madam,

Thank you for your request for information under the Freedom of Information Act, received on 27 September 2017.

Please find attached the Health Board's response to this request, and please accept my sincere apologies for the delay in providing this response to you.

If you have any further queries please do not hesitate to contact me using the details provided below.

Yours faithfully,

Rona Button
Rheolwr Gwasanaethau Corfforaethol - Rhyddid Gwybodaeth/Corporate Services Manager - Freedom of Information
Bwrdd Iechyd Prifysgol Aneurin Bevan/Aneurin Bevan University Health Board
Ystafell 041, Pencadlys, Ysbyty Sant Cadog, Ffordd y Lodj, Caerllion, Casnewydd, NP18 3XQ/Room 041, Headquarters, St Cadoc's Hospital, Lodge Road, Caerleon, Newport, NP18 3XQ
E-bost/E-mail: [email address]
Ff?n/Tel: Extension 55956 or (01633) 435956 (external)

P Help save paper - do you need to print this e mail?
P Helpwch Achub Papur - Oes angen gennych printio m?s yr e-bost hwn?

Bwrdd Iechyd Prifysgol Aneurin Bevan yw enw gweithredol Bwrdd Iechyd Lleol Prifysgol Aneurin Bevan
Aneurin Bevan University Health Board is the operational name of Aneurin Bevan University Local Health Board

Looking for an EU Authority?

You can request documents directly from EU Institutions at our sister site AskTheEU.org . Find out more .

AskTheEU.org