NHS staff are putting patient confidentiality at risk by sharing information about them on Facebook new research has revealed.Private records belonging to ill and vulnerable patients were breached more than 800 times over the last five years by nurses, doctors and administrative staff at 152 NHS trusts and hospitals.
Nearly half said there had been at least one breach in the past year, a report by the campaign group Big Brother Watch found.
In one incident at the Nottingham University Hospital NHS Trust, a member of medical staff was dismissed after taking a photograph of a patient in bed and showing it to friends on the social networking site.
The report comes after the Information Commissioner said tougher powers were needed so that those who break data protection laws to obtain personal details could be jailed.
The figures, released under the Freedom of Information Act, showed there were at least 806 incidents in which NHS employees breached data protection policies between July 2008 and July 2011.
In 23 cases, medical staff posted confidential medical information on Facebook, sharing details about a patient’s name, medical condition or discussing their treatment.
There were more than 90 incidents where employees admitted to inappropriately accessing the medical files of colleagues, and more than 30 incidents where they looked up family members, the figures showed.
Their actions led to a total of 102 doctors, nurses and hospital staff being sacked.
The figures also showed unsecured confidential medical information was lost on 57 occasions across 24 NHS trusts.
Christopher Graham, the Information Commissioner, warned in July that a culture change was needed within the health service to ensure patients’ personal information was kept secure.
Nick Pickles, director of Big Brother Watch, said “urgent action” was needed to keep medical records safe.
“This research highlights how the NHS is simply not doing enough to ensure confidential patient information is protected,” he added.
“The information held in medical records is of huge personal significance and for details to be disclosed, maliciously accessed or lost represents serious infringements on patient privacy.”
He added: “It is essential the NHS is transparent about these incidents and failing or refusing to disclose that a data breach has taken place is unacceptable.”
