HYWEL Dda Health Board has written to a large number of patients to provide them with information after an investigation identified a former member of staff had inappropriately accessed electronic hospital records of 3,000 patients, including many in Ceredigion.

The individual, a nurse, has since been dismissed after breaching patient confidentiality and acting outside of their professional code of conduct and the health board’s own policies on data protection and information governance.

The health board has also referred the situation to the Information Commissioner for independent investigation.

All patients affected, which include staff members, have been written to and offered the opportunity to discuss the situation with the health board through a free helpline number, which can be contacted on 0800 804 8787 between the hours of 5pm and 9pm, Monday to Friday, and 9am to 4pm, Saturday and Sunday, until the 21 July.

Hywel Dda chief executive Steve Moore said: “This is a matter that we take extremely seriously and I have written to every patient directly affected to apologise for the actions taken by this individual which go against their own professional code of conduct and health board policies and procedures.

“We are able to reassure people that our review has shown no changes or amendments were made to records. It also produced no evidence that the information has been used by the individual for any purpose other than to view.

“We understand and acknowledge how distressing this is for those individuals affected, especially for any who may be vulnerable and we have set up a free helpline should they wish to discuss this further with us.”

Members of the health board’s management identified the breach late last year and a review took place to establish the extent of the issue.

The health board has identified areas for improvement and taken action to improve checking access to electronic hospital records and managing performance and supervision to avoid something similar from happening again.

The health board has also proactively referred this to the Information Commissioner’s Office to investigate. The Information Commissioner is responsible for upholding rights in the public interest, promoting openness by public bodies and privacy for individuals. It is an independent regulatory office dealing with the Data Protection Act and has its own enforcement rights for any breaches under the Act.

Should the Information Commissioner’s Office determine the access constitutes a breach, they have the power to commence criminal proceedings against the individual. Equally, the Information Commissioner could fine against the Health Board should they consider it failed to take appropriate organisational or technical measures to protect individuals’ personal data.

Mr Moore added: “May I again sincerely apologise that a former member of staff, whilst in a position of trust, has acted in this way.

"This should not have happened and I know that our own staff, like our board, will be shocked at this situation, especially our wonderful nurses who hold patient confidentiality at the core of their values.

"I hope our patients, staff and public will be assured of our ongoing commitment to avoid something like this from happening again.”