Response to Queries on IT Security

The Information Commissioner’s Office has issued a statement today in connection with NHS Lothian investigations into inappropriate data use by two members of staff.

Alan Boyter, Director of Human Resources and Organisational Development, NHS Lothian, said:

 “We alerted the Information Commissioner as soon as we became aware last year of a staff member who had broken the NHS Lothian policy on safe data storage, and have been happy to work with the Commission on a voluntary basis to ensure that our systems are as safe as they can be. “As you might expect, we take the preservation and protection of patient confidentiality as seriously as possible and immediately put into place a number of software solutions last year.
“These include a ban on the use of any memory sticks apart from special NHS sticks with inbuilt encryption, and new software on any laptops to prevent unauthorised people from accessing them. “Any staff member who breaks our rules on the safe storage of patient information will face investigation under our disciplinary procedures.

The staff involved in the incidents cited by the Information Commissioner have been subject to such an investigation process. Appropriate management decisions were taken and we do not discuss the outcome of individual disciplinary investigations.”