Health and Community Services data breach disciplinaries (FOI)

Request

Please advise the number of investigations, and the percentage of those investigations that have resulted in disciplinary action where healthcare employees have been found to access patient records inappropriately (i.e. - where there has been no justifiable reason to access an individual's record).

Response

Regular audits are undertaken on access to patient records, and where there appears to be inappropriate access, employees are asked to justify their actions. If the employee is unable to justify their access (i.e. they are not responsible for the treatment or care of the patient at the time of the access), the matter is referred to the line manager of the employee to instigate disciplinary action. Audits are also undertaken on demand from patients.

Since January 2018, there have been fewer than five cases referred for disciplinary action.

As the number is small, it cannot be broken down further as to do so would impact on the privacy of individuals. Therefore, Article 25 of the Freedom of Information (Jersey) Law 2011 has been applied.

Article Applied

Article 25  - Personal Information

(1) Information is absolutely exempt information if it constitutes personal data of which the applicant is the data subject as defined in the Data Protection (Jersey) Law 2018.

(2) Information is absolutely exempt information if –

(a) it constitutes personal data of which the applicant is not the data subject as defined in the Data Protection (Jersey) Law 2018; and

(b) its supply to a member of the public would contravene any of the data protection principles, as defined in that Law.