Month Incident Nature of

Incident Key
Incident Description
or the
Complai Incident
nt and
Category
List
Feb 2009

Paediatric Handover sheet containing Patient Identifiable Incident e (e) Other -

information for an unspecified number of patients has information
been sent accidentally to a parent along with a discharge which should
letter for their child. The parent contacted the parent of not have
another child on the handover sheet who in turn been sent to
contacted Clinican to express dismay. parent was
attached to
discharge
letter -
human error
March 2009

PID sent via email from WWL NHS Foundation Trust to Incident e (e) - PID
ALWPCT, GP surgery and external supplier email sent via
address - 2 patients names where mentioned on the body email
of the email and the rest of the Personal Identifiable Data unsecurely
was in screenshots within a word document but this was to non NHS
not protected mail account
March 2009

Paper list found in the Dining Room, RAEI, Wigan Incident a (a) Loss of
containing patient details that are on or have been on paper
Shevington Ward. There were 28 patients on the ist who documents
were under care at the Hospital. from NHS
premises

Clinicians clinic tape has gone missing from his clinic Incident a (a) loss of
May 2009

dated in May 2009. audio tape

containig
PID from
secured
NHS
premises
May 2009

Letter sent to wrong address for a patient Incident e (e) - Other -

patient letter
sent to
incorrect
patient
May 2009
Quality Health informed the Trust regarding 2 Incident e (e) - Other -
questionnaires with consent form still attached which consent form
should have been retained by the Trust as per DOH attached to
instructions returned
questionnair
es
June 2009

Patient arrived in waiting room area 6 (Leigh Infirmary) Near Miss e (e) - Other -
with neighbourhood health improvement worker for an Incident confidential,
appointment. They arrived at 8.15 for an 8.30 personal and
appointment and took a seat - there was no staff present sensitive
in the waiting room. There was open access to many information
patient notes (quantity not stated) as there are no glass left in area
screens on the desk and the notes were clearly visible on accessible to
the trolleys and shelves behind reception. the public -
could have
been stolen /
disclosure of
PID
June 2009

Ex-member of staff has presented a presentation outside Incident d (d) -

the Trust which contains the personal identifiable details Unauthorise
of 15 WWL patients d disclosure
- personal
information
disclosed
without
consent
July 2009

Freedom of Information Request response (0457) sent Incident d (d) -

out re: expenses - contained address details of Executive Unauthorise
/ Directors d disclosure
- breach of
confidentialit
y
July 2009

Clinical Audit Assistant was pulling casenotes for audit Incident a Loss of
projects. List of patients relating to approximately 6 paper
patients (including names and addresses) has been document
misplaced. The list was lost on Trust premises.
Oct 2009

Patient received discharge letter from Ward. The Incident d (d)

label on the front of the envelope had all the patients Unauthorise
details on it including NHS number, PAS number, d disclosure
gender and date of birth. Patient complained to the - breach of
confidentialit
Patient Relations Department.
y
Oct 2009 July 2009
Patient sent in complaint letter following disclosure of her Complaint Ex member
data in a presentation by ex member of staff. of staff is
responsible
for this
Complainant works at the A&E Department within the Complaint Member of
Trust and has complained that another member of staff the Clinical
has disclosed her demographic details to a third party Audit
(CSA). IG Co-ordinator contacted complainant and said Department
in order to investigate this incident, she needs to put in
writing. Informed that she has put the complaint in
writing. HR and manager will assess case and make
most appropriate action.
Dec 2009

Letter was received from member of the public Incident a (a) Loss of
detailing the following - several weeks ago whilst paper
visiting a friend who was dying in the very early document
hours of the morning I discovered the enclosed a from secured
NHS
piece of paper on the main corridor behind what he
premises
presumes was A&E. The member of public has
attached the sheet which is a bed allocation sheet
for Rainbow Ward dated 13th September 2009
1350hrs.
 Nature of Number DoH Information Impact Reason

Owner
SCORE

Organisation
data of Governance
involved people Incident Scoring
potentia Reason
lly
affected
Patient 1 1 - less than 5 people Information received Paediatric
demographic affected, 1 person by parent which s
and sensitive affected but caused should not have left
details distress the Trust - sent with
discharge letter in
error

2 patients 2 1 - less than 5 people Unsecure transfer of Pathology

demographic affected, unsecure patient data, breach
details transfer of personal of confidentiality
data

28 patients 28 1 - piece of paper Breach of Shevingto

on list was found by staff confidentiality, loss n Ward
member therefore risk of personal and those
minimised however if identifiable data on working
found by member of paper with / for
public the incident Dr. Herath
score would have and Dr.
been greater Suman

Personal Less than 2 Loss of patient's WWL

information 10 medical data from NHS FT
and health consultation
information

Patient 1 1 - 1 person affected, Cause distress to Breast

Demographic caused distress to the patient and Screening
information member of the public impact on Trust Unit
and details of who received letter in reputation and data
appointment error, Trust reputation quality processes.
2 consent 2 1 - 2 people affected Consent Forms still Glyn
forms still however the consent attached and sent to Lewis -
attached to forms have been Northgate DMS Advancin
questionnaire securely returned via when these need to g Quality
s courier be retained by Trust

Uncertain of More than 2 - Damage to team's Stolen records / Area 6

quntity - 5 - less reputation, serious disclosure of PID (Leigh)
more than 5 than 30 potential breach, up and sensitive
to 20 people possible information, damage
affected to trust reputation

Surname, 15 2 - serious potential Unauthorised Ex

Forename(s), patients breach (disseminated disclosure of member
Date of Birth affected to healthcare personal information of staff
and type of workers) - up to 20 / breach of
xray taken people affected, confidentiality
regarding damage to teams
orthopaedic reputation (IM&T)
condition

Staff 5 2 - 5 people affected, Breach of All those

member's maybe some local confidentiality / lack involded
addresses media experience a of quality control with
sent to newspaper regarding FOI request
requests

Loss of list of 6 1 - potential breach Loss of patient Clinical

patients as paper list has not identifiable data and Audit
names and been found. disclosure of Departme
addresses on personal details nt
paper
document

Patient 1 1 - one person Unauthorised Ward D

details on affected, breach of disclosure of patient
label used on confidentiality information which
envelope did not need to be
on the envelope
PID 1

PID 1

Bed 13 2 Serious potential Rainbow

allocation children's breach but Ward,
sheet for names document found and RAEI
Rainbow and posted to IG Co-
Ward (13th diagnostic ordinator
September details
2009)
 Action Required / Taken

Responsible
Person / Area
06/02/2009 - a cull of the number of persons with a printed handover sheet down to Paediatric
3 (consultant, SHO, reg) is to be commenced. Clinician has apologised to the 2nd Dpt
mother for the breach of confidentiality. IG Coordinator advised that we should
contact the parents of all children on the handover sheet and explain that the
handover sheet has been viewed accidentally by a (hopefully single) member of the
public. To enable to do this, the handover sheet needs to be recovered through a
discussion with the 2nd mother.

23/02/2009 - emailed sender of the email to inform them of reported incident from Pathology
ALWPCT - informed them to ensure that if patient information is to be sent by email
this must be sent via either NHS mail and / or the information should be password
protected in a file and then sent with a separate email / telephone call informing the
recipient of the password to open the document. 23/02/2009 - spoken to email
sender and they are now aware of the correct procedures for sending PID via email

09/03/2009 - Library Manager has informed the ward about the piece of paper Shevington
found and reminded them about the implications of this. Continue awareness Ward and
regarding security of paer documentation via IG training sessions, intranet and staff those
newsletter working with /
for Dr's

14/05/2009 - received email from Dr's Secretary - informed her to complete an Biochemistry
incident form and send a photocopy to IGC with details and actions. Department

27/05/2009 - the Breast Screening Unit have been made aware of this incident by Breast
Patient Relations who informed her that this was a clerical error and staff concerned Screening
have been advised about this data quality issue. The appointment has now been Unit
sent to the correct address.
The Department of Health has stated that it is the Provider's responsibility to Advancing
securely collect any consent forms left in questionnaires. The DH has indicated that Quality
they must be made aware of providers who persistently leave consent forms in Scheme
questionnaires. They will enforce stiff penalties on Providers who do not follow the
correct procedure. The fomrs must be returned to the Trust vis secure courier which
is the Trust's responisbility. 26/05/2009 - the consent forms have been returned by
courier back to the Trust and AGM has contacted the area of concern asking for an
overview of action taken to prevent similar mistake occuring in the future.

05/06/2009 - email has been sent from the Head of Patient Safety to Outpatient Area 6 -
managers at Leigh to state that patient records must be kept secure at all times. Outpatients
IGC also added via email that no personal identifiable information must be left in Team
areas accessible to members of the public and / or staff who do not need to see the
information. Will undertake spot check in area when IGC visits Leigh Infirmary.

16/06/2009 - Letter drafted to inform patients regarding the disclosure of information Ex member
sent by the Caldicott Guardian. Company who placed the presentation on the of staff
website contacted and asked to remove the presentation. Ex member of staff
informed of the disclosure and informed not to use any WWL patient identifiable
information

02/07/2009 - informed those who responded to request to ensure no personal data All those
is released in response to FOI requests. The email has been sent again omitting involved with
the personal details and the requester has been asked to delete the first email FOI Request
received.

Clinical Audit Manager has explained to the Clinical Audit Assistant the severity and Clinical Audit
seriousness of losing patient details. The assistant has retraced her steps and Assistant
asked in records library - the lost has not been found. Assistant will ensure more
care is taken in the future.

29/10/2009 - informed Matrons regarding the incident and informed them to inform Ward D
staff not to use the labels (which are used for information contained within the Nursing Staff
health records) on envelopes for patient letters. The only personal identifiers should
on the envelope should be the patient's name and address.
08/07/2009 - response letter sent to the Complaints Department. Await feedback
from this. No feedback received as of 29/10/2009 - will close.

Member of staff was disciplined and suspended. Returned to work and had to
undertake Information Governance training.

18.12.2009 - IG Co-ordinator to contact Rainbow Ward to inform them of the Rainbow

incident and to inform to put action plan together in order to mitigate incidents such Ward, RAEI
as this from happening in the future.
 Month

INCIDENT
SUBJE Incident

COMPLAINT /
Incident Description
CT or
Complai
nt
Feb 2010

Incident

PROMs Hospital Liaison Team informed the Trust regarding Incident

a questionnaire with the consent form still attached which
should have been retained by the Trust as per DOH
instructions
Feb 2010

Incident

It was reported that a rucksack containing 156 medical files Incident

for patients who underwent procedures were found at (SUI)
Pendelbury Lane, Haigh. The paper documents had been
stolen by a suspected agency worker who was assigned to
map and merge the records on the decision to close a clinic
in 2008 and transfer the records and information to the
Trust. The bag was dumped approximately 2 years ago. A
member of the public found the bag and reported the find to
the police.
Incident
Mar 2010

Between Friday 12 March 10 and Monday 15 March 10 a Incident

break in occurred in residential block A on the Royal Albert
Edward Infirmary site. A window pane was removed and 3
lap tops and a projector was stolen from the IT systems
team offices which are situated withing the residential block.
Mar 2010

Incident
Email sent to Foundation Trust members but did not hide Incident
the members email addresses from each other. Information
displayed was first name, last name and email address.
One member has made an unofficial complaint regarding
disclosure of their name and email address.
Mar 2010

Incident

Patient came to reception on Ward One to book in as a day Incident

case. She had her paperwork with her and handed me a
letter in an envelope addressed to her but it contained a
letter which was meant for another patient.
May 2010

Incident
Patient A and Patient B were being discharged from a ward Incident
at approximately the same time – A and B share the same
FIRST name
A member of staff accidentally handed the discharge letter
for patient A to patient B, the letter contains standard
discharge information, address, gp details, medications on
discharge and details about the episode of care. The
mother of patient B has returned to the ward today to
collect the correct discharge letter for patient B, but has
refused to return the discharge letter of patient A
Member of staff is ringing Patient A, to apologise for this
error and breech of confidentiality. Obviously this is a
information governance incident. I have asked staff, given
that it is a one off incident, to consider the pragmatic
arrangements for the distrubtion of discharge letters to be
reviewed and letters are checked against SURNAME, NHS
Number, DoB. I think incident was a genuine error on a
busy ward.
Jun 2010

Incident

Patient received clinic letter in the post from Hospital. Incident

Within the envelope was an additional 2 letters addressed
to the patients GP Practice regarding 2 seperating
individuals. Patient took the letters in question the the GP
Surgery who have filled in a IR1 Form.
May 2010
Complaint received from member of the public regarding a Incident

Complaint
staff member who may have accessed her husband's
records on the patient system. This was confirmed by HR
and the member of staff has been suspended.
May 2010

Incident

Member of staff walking along Wigan Road. Was handed a Incident

number of agendas and minutes found on top of a bin on
Wigan Lane by a member of the public.
Jul 2010

Incident

The Leavers filing cabinet has been broken into. It was Incident
between 12 noon Monday 5/07/2010 and 9am Tuesday
06/07/2010. There has been a possible breach of
confientiality as there is no log of the files.
Aug 2010

Incident
INCORRE Email received from Wigan Leisure and Culture trust - I Incident
CT FAX have over the last 5 years been in contact by phone and
NUMBER email. A letter has also been sent to your office by our
DISCLOS Chief Executive.
ED I am quite concerned about the calls that Wigan Leisure &
Culture Trust are receiving, due to hospital staff giving out
the wrong contact numbers. Staff are unable to convert
internal numbers beginning with '8' to external numbers
correctly. I am once again having to contact you to voice
concerns about patients and their relatives who are having
to phone more than once because of the confusion over the
phone number conversation. Evenings and weekends calls
would not be answered here, and may cause unnecessary
upset to patients and their families. On a more serious note
my phone number is displayed as a contact number on your
website for Dr Ravendra Bhadoria Consultant Paediatrician.
This is totally unaceptable and extremely careless on your
behalf. We have also, in the past, received faxes (last one
received 1/6/2010 ) which contain personal details and
information on patient's. Once again the phone number
conversion was given out wrong. This is quite alarming with
regards to patient confidentiality, and if the public were
aware of this, I am sure there would be questions asked.
(Sent to IG Department from Patient Relations)
Aug 2010

Incident
Alerted by external Laundry contractor that several pages of Incident
patient identifiable documents had been found at the
bottom of a cage removed from this Trust (premises
unknown) could have been RAEI or Leigh site. These were
discovered when they removed the laundry bags at the
Derby site.
The bags had obviously been placed on top of the
paperwork prior to being taken to the dirty bay. It is
unknown by whom or when the paperwork was placed in
the cage. Our contractor returned paperwork to myself in a
sealed box by return. It was impossible to determine which
site the paperwork had originated from (although site field is
completed as Leigh or I cannot submit this form!)
Sep 2010

Incident

Email from the Royal College of Opthamologist regarding Incident

CVI Forms which are being sent to an old address
Oct 2010

Complaint

Patient was an inpatient on Winstanley Ward . She did not Complaint

receive a discharge letter and was informed this would be
posted to her. The patient then received a letter fro another
patient who had received her discharge letter. Patient not
happy that her private and confidential information was sent
to another person.
 Incident Key Nature Nature Number DoH Impact Reason

Owner
SCORE

Organisation
of the of data of Informat
Incident involve people ion
and d potentia Govern
Categor lly ance
y List affected Incident
Scoring
e (e) - Other 1 consent 1 1 1-1 Consent Forms still Advancin
- consent form still
Reason
person attached and sent to g Quality
form attached affected Northgate DMS when
attached to however these need to be
to questionn the retained by Trust
returned aire consent
questionn forms
aires have
been
securely
returned
via courier

SUI - a (a) - Theft 156 green Approx. 3 3 - 156 Theft of 156 patient WWL
of paper file 156 patients medical records for a NHS FT
document records patients records sensitive service from
s from for 156 regarding the NHS secured
secured patients a premises and dumped in
NHS who sensitive country lane, loss of
Premises underwen service, records for 2 years
(SUI - t potential without the Trust noticing
details - procedure for media the loss, impact on
b) theft of between interest Access to HR requests
paper 1992 - (still i.e info would not have
docs from 2008. uncertaint been able to be
secured y if provided, impact with
NHS informed), media, reputaitonal
premises potential damage, distress caused
for to individuals concerned
a (a) Theft No patient No patient 1 1 - no No impact on patients as WWL
reputation if lost and not found
of laptops data held date personal no personal data lost NHS FT
al
from on involved data on however security
damage,
secured laptops laptops, concerns raised
distress
NHS security
caused to
premises concern -
patients if
x3 should
had been
have
lost.
been
Agreed by
locked
G. Harris .
away
K.
Griffiths
(SIRO)
and C.
Chandler
(Caldicott
Guardian)
d (d) email All public 1 1 - risk Disclosure of email Engagem
Unauthori addresse members assessed addresses, first name ent Dpt,
sed s, first of FT as low as and surname for WWL FT
disclosure name and not likely members
- surname to happen
disclosed often and
email only 1
addresse person
s resulting has
in complaine
disclosure d
of other (unofficiall
members y).
email Damage
addresse to
s which individual
should s
have reputation
remained in short
confidenti term
al regarding
inadverte
nt
disclosure
due to
human
error.

d (d) - Patient 2 1 1-2 Breach of confidentiality Admission

Unauthori details individual s, WNT
sed s affected,
disclosure less than
of paper 5 people
records - affected,
Letter minor
disclosed breach of
to wrong confidenti
patient ality
d (d) - patient 2 1 1-2 Breach of confidentiality WWL
Unauthori letter patients NHS FT
sed affected -
disclosure non-
of paper deliberate
records - incident -
2 letters less than
sent out 5 people
by affected
mistake to
1 patient

d (d) - patient 3 1 1-2 Breach of confidentiality WWL

Unauthori letter patients NHS FT
sed affected -
disclosure non-
of paper deliberate
records - incident -
2 letters less than
sent out 5 people
by affected
mistake to
1 patient
d (d) - Personal 1 1 1- Breach of confidentiality WWL
Unauthroi and damage - DISCIPLINARY NHS FT
sed Medical to
disclosure informatio individual'
- n s
inappropr reputation
aite use . Less
of than 5
informatio people
n system involved
by in incident
member
of staff
resulting
d (d)
in - Agendas Unknown 1 1- Breach of confidentiality WWL
Unauthori
disclosure and damage NHS FT
sed Minutes to
disclosure organisati
- Papers ons and
left on bin individual
s
reputation
-

d (d) leavers Unknown 2 2 Breach of confidentiality WWL

Unauthori informatio NHS FT
sed n
disclosure
- unknow
what has
been
taken
d (d) Patient less than 2 2- Breach of WWL
Unauthori demograp 5 damage confidentiality / NHS FT
sed hic and to team's disclosure of personal
disclosure sensitive reputation information
details , serious
potential
breach
c (c) Document The 1 1- Breach of confidentiality WWL
Insecure s incident potentially and possible loss of NHS FT
disposal containing report serious personal information
of paper PID doesn’t breach -
containing state this the
PID from - it only contractor
secured states has
NHS several returned
premises pages the
had been document
found s to the
Trust

e (e) - Other Document Unknown 1 1- Breach of confidentiality WWL

- s potential and possible loss of NHS FT
informatio containing breach personal information
n sent to PID
wrong
address

Personal 2 Breach of confidentiality WWL

and NHS FT
sensitive -
patient
discharge
informatio
n
 Action Required / Taken

Person / Area
Responsible
The Department of Health has stated that it is the Provider's Advancing Quality
responsibility to securely collect any consent forms left in Scheme
questionnaires. The DH has indicated that they must be made
aware of providers who persistently leave consent forms in
questionnaires. They will enforce stiff penalties on Providers
who do not follow the correct procedure. The forms must be
returned to the Trust vis secure courier which is the Trust's
responisbility.

Please see SUI sheet WWL NHS FT

Between Friday 12 March 10 and Monday 15 March 10 a break PAS Office, RAEI
in occurred in residential block A on the Royal Albert Edward
Infirmary site. A window pane was removed and 3 lap tops and
a projector was stolen from the IT systems team offices which
are situated withing the residential block.
Engagement Department has sent a letter and email of apology Engagement Dept
to the member who complained. The email has been recalled
and we be resent with the names removed (blind carbon copy).
Instruction are now in place regarding how to send bulk email
and hide the email addresses.

Apologised to the patient, kept the letter and sent it to Admissions,

admissions department with an explanation Wrightington Hospital
Information Governance perspective below. In view of this and WWL
the discussions had below and the fact we have asked the
patient to return the letter and apologised to the other patient,
from an incident position I see no need for further action. In
terms of the member of staff concerned, it might be sensible to
ensure that their IG e-learning is up to date and to run their
actions is this through the NPSA incident decision tree.

Member of staff who sent the letters asked to undertake WWL

additional IG Training through the National Trainig Tool
28/06/2010 - informed by HR that audits have been undertaken WWL
and this concluded that the member of staff has accessed the
complainant's husbands records. Informed by HR that the
member of staff has been suspended.

Member of staff who was handed the papers to manager for WWL
informstion and reporting> papers returned to person on the
Agenda.

Questions need to be asked - Why is the cabinet in the ladies Medicine

toilets? Was the filing cabinet locked? Should be keeping a list
of what is held within the cabinet and when and why records
are distroyed.
11/08/2010 - contacted Telecoms department to ensure WWL NHS FT
numbers are correct on the website and intranet for Staff and
Lowton Ward. The extensions are correct and what seems to be
happening is that staff are giving out the incorrect prefix to the
extension number and are telephoning WIgan Leisure and
Culture Trust instead and on some occasions faxing informaiton
to them. Advised Telecoms Dpt to include the prefix to the
extension numbers on the telephone directory on the intranet
and also we will reminding staff via global emal, FOCUS and by
dpt regarding the dialling codes with an information governance
statement attached (via paper copy). Need to know which
departments are disseminating the incorrect numbers, so the IG
Dpt can contact them directly.
Action taken - Rang Linen Rooms to enquire if they had been Patient Admin /
20/08/2010 - communication to staff required ensuring they are Healthcare Ops?
carful where documents are left / disposed. IG Co-ordinator
spoke to Estates and Facilities regarding confidential waste and
they have informed me communication reagrding the processes
will be sent to staff. IG Dpt also to put in communique to staff
via newsletter.

Forms need to be sent to the correct address - Opthamology Opthalmology

have informed that they will ensure the forms are sent to the
correct adress. Moorfield have advised that they will contact us
if there are any issues again.

26/10/2010 - IG response - As per complaint below – from an Winstanley Ward

IG perspective staff on Winstanley Ward must be extra careful
when sending out letters ensuring that there aren’t 2 letters
stuck together. I know this is very difficult when working on
busy wards and human error is sometimes inevitable however
we have had quite a few incidents reported like this and I am
reminding everyone to take extra care as we are breaching
personal and very sensitive information.
 Month

INCIDENT
SUBJECT Incident

COMPLAINT /
Incident Description
or
Complai
nt
Jan-11

Incident

Received telephone message from patient on the Incident

morning of 31st January 2011. The patient had received
a copy of his clinic letter. The letter had been folded in
such a way as to make visible in the addressee window,
the name and job title of the Hepatitis C Spcialist Nurse
as this was above the patient's name and address,
therefore breaching his confdientiality
April 2011

LETTER WITH Patient attended clinic and informed me that the copy of Incident
Incident

PID SENT clinic letter to GP sent to him had been folded in such a
INCORRECTLY way that in the window of the envelope clinical name
and job title (Hepatitis C Specialist Nurse) was on
display. He was upset and felt his confidentiality had
been breached. He gave me the copy of the letter in the
envelope.
Incident
June 2011

LETTER WITH Breach of confidentiality. Patient sent home with another Incident
PID SENT patient's discharge letter. Son collected patient from
INCORRECTLY ward and took her home. Then contacted ward to state
they had another patient's discharge letter. Son was
concerned that another family would have his mother's
discharge letter as he was aware another patient was
being discharged at same time.
Aug 2011

Incident
LETTER WITH HR (MAS) Incident - awaiting DATIXWeb Report11/8/11 Incident
PID SENT phone call received by HR from MAS applicant that in
INCORRECTLY addition to receiving her outcome notification, she had
also had posted to her address the outcome for another
member of staff. 9.15am Deputy HR Director informed of
issue and actions to address discussed.
Aug 2011

LETTER WITH Patient's relative handed outpatient letter to ward staff Incident
Incident

PID SENT for an outpatient appointment with the surgical team. this
INCORRECTLY letter also included name, postal address and other
details of another patient.
Sept 2011

Incident
INCORRECT Information Governance Incident. Radiology report for Incident
FAX NUMBER this patient was incorrectly faxed to BetFred in error.
DISCLOSED The report contains confidential demographic and
clinical information for this patient - MRI Head and
Spine. Staff member from BetFred contacted WWL to
report the error, and I took the details. The fax
contained a cover sheet and a one page radiology
report. Betfred where unable at the time to say what the
sending fax number was as the fax number preprinted
on the cover sheet is in fact the telephone number in
system administration.
Incident and Complaint (x 2)
Sept 2011

INCORRECT 2 faxes received by Wigan and Leigh Culture Trust from Incident
FAX NUMBER 2 different GP surgeries which should have been sent to
DISCLOSED Surgical Assessment Unit. The incident reagrding staff
disclosing the incorrect fax numbers has been input onto
DATIX
Sept 2011

Incident
PHOTOGRAPH patients visitor was found to be taking a photo of the Incident
TAKEN BY patients end of bed care plan, in the main bay area,
PATIENT ON visitor was asked not do do so and to delet the photo
WARD she had take.
Sept 2011

Incident

LETTER WITH Member of BCHT staff contacted the trust to state that Incident
PID SENT she had received a letter stating that her employment
INCORRECTLY was to transfer to WWL. She was part of corprate
services which is not in scope to transfer.
Oct 2011

Incident

LOSS OF Consultant has contacted the IT Services Helpdesk to

ENCRYPTED inform that he has lost his encrypted memory stick and
MEMORY would like another one. IT Services Helpdesk informed
STICK IG Department.
Nov 2011

Incident
ACCESS TO GP sharing user name and password with other GP
SYSTEMS
Nov 2011

Incident

SHARING OF GP asked other GP's for unique user IDs for a system
USER ID /
PASSWORDS
Dec 2011

Incident
UNAUTHORISE Patient attended out patient department. who had been
D sent a frequency volume chart by post to fill in after
DISCLOSURE having urodynamic tests.
OF PID The patient showed me her chart and told me that there
was another patients details on the back.
In fact on inspecting the form two pages of urology
waiting list were printed on the backs of two sheets of
the chart containing details (names, hospital numbers,
dates of birth and planned operations) for 17 patients.
The cause of the incident has been traced back to the
urology secretarial / admin office. It appears the waiting
list was received by fax, and fell face down and put in a
pile of paper waiting to be loaded into the adjacent
printer.
Dec-11

UNAUTHORISE Nursing staff witnessed patients daughter reading

Incident

D through medical case notes after obtaining them from

DISCLOSURE notes trolley. Proceeded to ask nursing staff questions,
OF PID quoting doctors comments from medical notes.
January 2012

Incident

INFORMATION I received private and confidential documents containing

WITH PID SENT interview packs for the divisional medical director post at
TO my home address, these were intended for a non-
INCORRECT executive director who has the same name as me.
RECIPIENT
January 2012

Incident
LETTER WITH On the 11th January 2012 I took a call from an
PID SENT employee who stated that she had received a
INCORRECTLY confirmation of maternity leave letter for another
individual, and that she thought this person had also
received her materntiy letter (although this has not been
confirmed)
 Incident Key Nature of Nature of Number DoH Impact

Owner
SCORE

Organisation
the data of Information Reason
Incident involved people Governance
and potentia Incident
Category lly Scoring
List affected Reason
d (d) Sensitive 1 0 1 person Breach of WWL
Unauthorise Information affected Confidentiality NHS FT
d disclosure

d (d) PID 1 0 1 person Breach of WWL

Unauthorise affected confidentiality NHS FT
d disclosure

d (d) PID and 1 0 1 person Breach of WWL

Unauthorise Sensitive affected confidentiality NHS FT
d disclosure information
d (d) PID and 7 2 Up to 20 Breach of WWL
Unauthorise Sensitive people confidentiality NHS FT
d disclosure information affected,
damage to
team's
reputation,
some local
interest may
not go public

d (d) PID 2 0 Up to 2 people Breach of WWL

Unauthorise affected, confidentiality NHS FT
d disclosure
d (d) PID and 2 0 1 person Breach of WWL
Unauthorise Sensitive affected confidentiality NHS FT
d disclosure information

d (d) PID and 2 2 Damage to Breach of WWLNHS

Unauthorise Sensitive team confidentiality FT and
d disclosure information reputation, GP
- some local surgeries
inappropriat interest, (joint)
e use of serious
information potential
asset (safe breach - upto
haven 20 people
principles affected
breached)
resulting in
disclosure to
third party
e (e) Other - PID and 1 0 Single Breach of
photograph Sensitive individual Photography
taken off information affected but Policy
medical however consent given
documentati consent by patient for
on on ward obtained relative to take
from patient photograph of
observation
sheets

d (d) PID and 1 1 1 person Breach of WWL

Unauthorise Sensitive affected confidentiality NHS FT
d disclosure information
of
information
resulting in
disclosure

e (e) Other - No PID No PID 1 Reputational Reputational

loss of involved involved damage to damage if
encrypted individual and memory stick
memory Trust if found - found as will
stick possible have WWL logo
media interest on it
d (d) - PID and ? 2 Inappropriate Breach of
Unauthorise Sensitive access to confidentiality
d disclosure information systems

d (d) - PID and n/a 2 Inappropriate Inappropriate

Unauthorise Sensitive access to disclosure
d disclosure information systems
d (d) - PID and 17 2 Unauthorised Unauthorised
Unauthorise Sensitive disclosure of disclosure
d disclosure information personal and
sensitive data

d (d) - PID and 1 1 Less than 5 Unauthorised

Unauthorise Sensitive people disclosure
d disclosure information affected (3rd
party data may
have been
viewed)

d (d) - PID upto 5 1 Less than 5 Unauthorised

Unauthorise people disclosure
d disclosure affected.
d (d) PID and 2 1 Less than 5 Breach of
Unauthorise Sensitive people confidentiality
d disclosure information affected (2
of people)
information
resulting in
disclosure
 Action Required / Taken

Person / Area
Responsible
The specialist nurse contacted the patient the morning Staff who
of listening to the message in order to find out what send out
had happened. The nurse apologised and informed letters on
him of his right to complain and informed him how to do behalf of
so. The nurse informed him that they would take consultant
measures to reduce the risk of this happening again. within
He does not wish to make a formal complaint and Gastroenterol
wanted reassurance this would not happen again to ogy
himself or others. The incident has been reported to
the consultant's secretary who is going to discuss the
incident with the individuals who put letters in
envelopes for posting to ensure this does not happen
again. Consultant has been advised of the action
taken. IG Coordinator advised this is the action she
has recommended to inform the staff to be extra careful
when puttling letters into envelopes and making sure
no sensitive information can be viewed.

The Hep C Nurse apologised and reassured him that Hepatitis C

action is taken to prevent this happening again. The Consultant
gentleman was informed of his right to make a formal Secretary
complaint. He said he did not want to take the matter
further but did not want this to happen to any other
patients in the future. I notified Consultant secretary
and gave her the letter in envelope as he had received
it. I have requested via Consultant secretary that in the
future all clinic letters generated by me have job title:
title ‘Hepatitis C Specialist Nurse’ replaced this with
'Clinical Nurse Specialist'.

Sincere apologies given. On investigation patient's Billinge

discharge letter was still in printer tray, therefore not Ward, RAEI
given to another patient by mistake. The other lady due
to go home had not yet left ward. Both discharge letters
had been printed at same time. Wrong one given by
mistake. Correct copy remained in printer. Discussed
returning the incorrect letter for confidential disposal,
patient's son would prefer to shred the incorrect letter
from home. Correct discharge letter posted out.
Sincere apologies given and accepted.
Spreadsheet of approved MAS applications checked – Named on
revealed other outcome notifications had crossed incident
addresses. Re-cross check of all spreadsheets to track report (x 2
where outcomes had gone / assess impact of staff)
anomalies, Re-cross check of ESR registered
addresses for all MAS applications, 7 confirmed
anomalies, 2 of the 7 anomalies identified as likely
related to ESR address anomalies, C11.20am update
to Deputy HR Director and decision to make phone
calls to individuals ASAP today made, c12.30
telephone calls successfully made to 5 of the 7
applicants to inform them of the error and seeking
recovery of any mis-directed outcomes issued; 2 of the
7 could not be directly contacted (voicemail messages
left for them to contact HR ), telephone calls confirm 2
ESR address anomalies, c2.30pm apology letters and
re-issued outcome documentation completed for re-
issue to all 7 staff where errors / anomalies occurred,
c3.00pm summary of main events compiled to inform
Director of HR and Information Governance
Department,Briefing note to go attached in e-mail to
lead for Information Governance seeking confirmation
if a DATIX incident log needs completing

Apologies given to the patient. Human error - nothing Named on

further can be undertaken incident
report
This is a feedback message from th IG Coordinator Radiology
The feedback is: The Manager of BetFred has been
contacted to return to fax to the Information
Governance Department securely. A patient radiology
report was received by them by fax incorrectly - this
was sent to 01942 820040. The cover sheet on the fax
also contained the incorrect telephone number to
contact (01942 822482) which is System Admin Team
at Buckingham Row. Please could I advise that all
cover sheets are checked to ensure they contact the
correct contact numbers, also this report may need to
sent again to the correct destination and fax number
(patient named on incident) (is there anyway this could
be sent electronically rather than fax), please could all
Radiology staff be reminded of the safe haven
procedures when faxing (see Safe Haven Policy on the
Policy library on the intranet). Fax numbers must be
double checked and the recipient of the fax should be
telephoned to check they have received it. We will
contact you once the fax has been returned to us.
Thanks, Information Governance

16/09/2011 - IG have contacted both GP surgeries and Surgical

explained that the Surgical Assessment Team have Assessment
provded the incorrect prefix for the fax number it should Unit, RAEI
have been 77 and not 82 folling a 4 digit extension
number beginning with 8. IG sent Direct Dialling
Facility Help sheet and will send up to date fax list to
them. Surgical Assessment Department will be
informed of incident and reminded of the importance of
ensuring the correct number is given out. A global
email will also again be sent out to remind staff of the
importance of checking telephone and fax numbers.
20/09/2011 - IG Response: As you know we have a Acute Stroke
Mobile Device Policy which says that camera Unit - Patient
functionality on phones or cameras should not be used Relative
within the Trust. However, as regards the Access to
Health Records Procedure, staff should offer advice
and assistance to the patient and relative on noticing
they are concerned about something and have
therefore taken a photograph. If they want to look at
the bed care plan for some reason, the clinical staff on
the ward should offer to go through it with them and
explain anything they are unsure off while they are
there obviously with patient consent. Other than that
they can request to have copies by submitting an
Access to Health Records request to the Access team.
Before any health records are released, these are
checked by the last treating clinician to check for any
third party information or information which would deem
to cause harm or distress.
If the bed care plan contains sensitive information that
the patient (because the patient could quite easily read
it themselves) or relatives should not be able to see
then it should not be located at the end of the bed
where it is accessible to anybody.

HR contacted BCHT to notify of incident and confirm HR

name not in list. Name had appeared on list generated
by payroll which had not been filtered out. BCHT
employee was contacted and re-assured that her
employment not transferring. BCHT completed
incident form for Data Breach.

Once we have the details we can send a reminder to Consultant

everyone. IG Dpt will send reminder once incident has
been reported - Memory Stick was encrypted
15/11/2011 - Many thanks for getting back to me. It is GP's in A&E
important that all GP’s are reminded that user names
and passwords must never be shared or disclosed for
any system they have access to. The IT Training
Manual for Doctors using MSS clearly states this on
page 9. As I’m sure you understand by sharing user
names and password, it is a breach of Acceptable Use
of IT systems and principle 7 of the Data Protection Act
1998, and we lose the audit trail and those who use
other staff logins may be looking at records they
shouldn’t be but there is no audit trail or evidence for
us to prove this. If access is required for a system, this
must be justified and the GP must contact the IT
Training Department as soon as possible, so training is
provided prior to being given access to the system.
Please could this be communicated to all GP’s who will
be working in A&E – put in GP newsletter, global email
to all GP’s, any other communications and if you can
send me a copy so I have evidence they have been
informed.
Also please can you speak to Dr XXX regarding this
incident and to remind him not to disclose or ask to use
or use another staff members login, I believe he is now
being set up with a login and relevant training.

15/11/2011 - are these PCT or WWL staff as part of GP's in A&E

TCS, emailed to find out who IG can contact to inform
them of the importance of not using another member of
staff's password and also not to disclose unique user
names / passwords. 15/11/2011 - Many thanks for
getting back to me. It is important that all GP’s are
reminded that user names and passwords must never
be shared or disclosed for any system they have
access to. The IT Training Manual for Doctors using
MSS clearly states this on page 9. As I’m sure you
understand by sharing user names and password, it is
a breach of Acceptable Use of IT systems and principle
7 of the Data Protection Act 1998, and we lose the
audit trail and those who use other staff logins may be
looking at records they shouldn’t be but there is no
audit trail or evidence for us to prove this. If access is
required for a system, this must be justified and the GP
must contact the IT Training Department as soon as
possible, so training is provided prior to being given
access to the system.
Please could this be communicated to all GP’s who will
be working in A&E – put in GP newsletter, global email
to all GP’s, any other communications and if you can
send me a copy so I have evidence they have been
informed.
Also please can you speak to Dr XXX regarding this
incident and to remind him not to disclose or ask to use
or use another staff members login, I believe he is now
being set up with a login and relevant training.
The fax and printer have been separated. Urological
A tray to catch faxed sheets has been put in place so Secretarial /
those faxes received cannot go astray. Admin Office,
As a policy the printers will only be loaded with paper RAEI, Wigan
directly from the ream wrapping and spare piles of
printer paper will not be kept.

Relative politely reminded that all patient notes are Winstanley

private and confidential. Patients relative offered time Ward, RAEI,
with SHO however declined this appointment. Nursing Wigan
staff also noted that patients relative not documented
as next of kin.
On speaking with relative she seemed dissatisfied that
nursing staff where speaking with other patients
relatives rather than her during visiting hours.

I rang a member of medical human resources and Human

informed them of the incident, and I was advised to Resources,
dispose of them in the confidential waste bin, which I Buckingham
did. I also informed my ward manager of the incident. Row
I apologised, took the employees contact details, and Human
assured her that I would look into the matter. On review Resources,
of the file copies of the letters, both had correct Buckingham
addresses, as stated on the maternity leave application Row
forms, however the administrator issuing the letters
confirms she often uses non-window envelopes, and
stated that this may be where the error has arisen. The
correct letters have now been sent to both individuals
along with a written apology. The standard template
letters have been revised so that the address fits
correctly into a window envelope, thereby removing the
need to write out the address manually again.