Man finds sensitive patient data outside Caithness General
Get a digital copy of the Northern Times delivered straight to your inbox every week
A MAN who was passing by Caithness General Hospital in Wick claims to have found a document containing "highly sensitive medical information" about patients.
The member of the public, who wishes to remain anonymous, said he found the folded A4-size piece of paper lying on the road near the gate lodge house at the entrance to the hospital around 8pm last Friday.
"It was a list of vulnerable patients in Caithness General that outlined their ages and health conditions," the man said.
The list of 19 names allegedly had information regarding the meals they ate, their marital status, whether they lived alone and any mental health condition they may be suffering. The average age range was early 80s with the youngest being 52, he said.
NHS Highland's chief executive has since "unreservedly apologised" to the patients affected by the data breach.
The man who found the document said: "It seems to be a list a doctor would use as he went around the wards. It's highly sensitive information and the potential was there for people to be harmed by this.
"Imagine telling a person in a fragile mental state that someone had found their health details in the gutter. How would that impact on them?"
The man thought the information could have also been used by a "malevolent individual" to break into a house they believed would be empty after reading the data.
"In that sense, it had the potential to be a major security risk," he said.
"I would like to believe that NHS Highland will view this incident in terms of a learning curve. All staff, irrespective of the pressure they may be under, must nevertheless be made aware of their responsibilities when processing highly sensitive personal data.
"Training should be provided ensuring patients medical records and information are kept secure at all times."
The man said he handed the sheet of paper into the reception desk of the hospital and has not retained any information from it.
Paul Hawkins, the NHS Highland chief executive, said: “NHS Highland has directly contacted all the patients affected by this data breach to apologise unreservedly. We have reported the incident to the information commissioner and are holding an investigation into this matter.”