An investigation by Big Brother Watch has revealed the Scottish health service recorded 634 breaches of data protection legislation in three years.
According to Herald Scotland, cases included covert filming of staff, patient case files being left at a bus stop, a patient record being photographed with a mobile phone and a call-out being posted on Facebook.
Emma Carr, director of Big Brother Watch, said: “It is clearly unacceptable that health staff in Scotland have thought that they could post such confidential details on social media and disclose them to third parties.
“It is completely right that they should be internally disciplined but we question whether that is enough of a deterrent. Urgent action is therefore needed to ensure that medical records are kept safe and the worst data breaches are taken seriously, including the introduction of greater penalties for those who abuse that access. This should include the threat of jail time and a criminal record.”
A Scottish Ambulance Service spokesman said: “Protecting the privacy of our patients is of paramount importance. There are robust policies and procedures in place for the management of patient data in line with information governance standards and these are reinforced with staff training on an ongoing basis.”
Tony Pepper, CEO at Egress, said: “While Big Brother Watch has called out the cases that involve Facebook and other social media sites, the reality is a lot more mundane as the majority of these breaches will be relating to email and human error.
“While it seems obvious that you should not share sensitive information on social media, people ignore the fact it is just as bad to be sharing sensitive information unprotected in any form. Whether it’s through an online web form, a cloud-based collaboration platform, a large file sharing drive or a common or garden email, sensitive data – particularly personal information relating to people’s health – needs to be encrypted and protected.”