Trust contacting those affected after data breach by colleague at Musgrove Park Hospital

Somerset NHS Foundation Trust is contacting up to 200 people after a proportion of their hospital records were inappropriately accessed by a member of staff.

The member of staff accessed the hospital records of people within their circle over a period of six years. The trust is this week contacting every person whose hospital record has been inappropriately accessed to let them know what has happened, to apologise unreservedly, and to offer to meet them to discuss it if they would like.

The trust has reported the breach to the Information Commissioner and Avon and Somerset Police is investigating.

Phil Brice, Director of Corporate Services for Somerset NHS Foundation Trust, said: “We apologise unreservedly to every person whose hospital record has been inappropriately accessed in this way. Many NHS professionals need access to confidential information in order to do their jobs effectively. Every colleague in our trust undertakes regular information governance training and we understand that we are in a position of trust. Very sadly, this was not respected in this case.”

The member of staff had access to one hospital system as part of their role. This enabled them to see demographic details; A&E attendances including dates and basic admission information; inpatient admissions including dates, the wards where patients were cared for, consultant and specialty; and outpatient appointments including dates, consultant and specialty. They were not able to access clinical letters, discharge summaries, community, mental health or sexual health records or medical or nursing records.