A lack of understanding about IT systems and a failure to establish a safety culture are to blame for the publication of confidential information about 92 patients by a primary care trust, according to an investigation into the error.
Melton, Rutland and Harborough PCT accidentally included identifiable information on 92 patients in its board papers and sent the information out to 35 people including the local media. The details, including patients’ names, addresses and telephone numbers and the reasons why they had called an out-of-hours centre, were also available on the PCT’s website for a short time.
The 32 page report into the incident by the PCT includes recommendations that the PCT promotes a safety culture in the use of information, raises staff awareness of IT systems, policies and procedures and reviews the use of patient identifiable information.
Charlie Keeney, director of corporate development and public involvement at the PCT, said the investigation had been very thorough.
He added: “The PCT took immediate action including contacting all 92 patients affected directly and will again be writing to those people to report the findings of the report. This represents the completion of a process to find out what went wrong and the most important thing the PCT can do is to learn the lessons from this incident”.
The investigation found that ‘stressed staff worked at maximum capacity’ and that the error occurred when a staff member was asked to compile a report to the board at short notice detailing use of the out of hours centres at Market Harborough and Oakham.
The report says that the out of hours software package used by the PCT, Adastra, was not able to provide the detailed information required by the board so the PCT downloaded the data for more detailed analysis using Excel software.
The subsequent document produced by ‘manager A’ and overseen by ‘director B’ included graphs created in Excel and then cut and pasted into a Word document with embedded information on all the patients who had attended two out of hours centres on two bank holidays in May.
The report adds: “Neither Director A or Manager B were aware of the presence of embedded data within these graphs or that patient identifiable data was present for the May Bank Holiday attendance.”
The report reveals that due to pressure of work Manager A had also breached PCT policy by taking the relevant information home using a USB memory stick, making changes to the document and emailing it back to Director A in the early hours of the morning.
The report adds: “This was in direct breach of the PCT policy on emailing patient identifiable information and the PCT’s policy on using home computers. The storing of patient identifiable information on an externally sourced non biometric USB stick was also in breach of PCT policy.”
The report adds that instructions to place all files on the internet in a PDF format had also not been fully followed. It adds: “In investigating this incident, it became obvious that the process for production of papers for the Trust Board, particularly late papers, was not streamlined or well understood, causing confusion amongst staff at all levels. It also became clear that there is no process in place for ‘quality checking’ papers before they were sent out.”
Manager B was suspended following the incident but returned to work following a decision that disciplinary action was not appropriate.
The report adds: “The internal investigation concluded that the incident was the result of human error and an inadvertent mistake. The investigation report states: “There is no evidence of wilful or negligent staff action relating to the disclosure of patient information from an electronic version of a PCT Board paper.”
Links
Melton Rutland and Harborough PCT report
PCT’s e-mail error leaks patient details