FairWarning is a privacy monitoring solution that detects unauthorised or inappropriate access to our electronic records. Information on FairWarning has been circulated in payslips, by email and on the NHS Fife internet. Additionally, every time a member of staff locks their computer screen, information about confidentiality and the FairWarning system appears and must be ticked as read and accepted before access is granted back onto the computer.
Examples of privacy breaches could include:
- Accessing a friend or family member's NHS electronic record for a non-work-related reason.
- VIP snooping – unauthorised or unnecessary examination of the records of footballers or sports stars, politicians, media personalities and criminals.
- Other snooping – accessing the records of colleagues, friends, family members or neighbours. This access may be malicious and/or simple nosiness; it may even be at the request of these individuals. All are breaches of the policy.
- Logging on as someone else – using the logon of a fellow member of staff, even in the course of treating a legitimate patient, breaches the policy.
Whatever the motivation or mitigation presented by staff for accessing patient records inappropriately, all breaches of the Data protection & confidentiality policy and information security will be investigated and may result in disciplinary action and legal procedures being taken against the offenders.
If it appears there has been inappropriate access by a staff member, a member of the HR team will contact the staff member’s Line Manager and provide them with a copy of the report.
Following contact from HR, the Line Manager or another appropriate person will be required to investigate the alleged breach(es) of inappropriate access. They will be required to verify whether there has been a clinical reason for the access; this will include speaking informally with the staff member in the first instance regarding the alleged breach. If the Manager believes, after initial informal investigation, that the NHS Fife Data Protection and Confidentiality Policy has been breached, irrespective of mitigation provided, a formal investigation under the NHS Scotland Workforce Investigation Process will be required. The Line Manager may wish to consider restricting access during the investigatory process, dependent on the volume of inappropriate access.
In situations where a member of staff has accessed their own electronic record and this has been picked up by the FairWarning monitoring system, an informal meeting should be arranged with the member of staff to discuss in the first instance. Currently, access by a member of staff to their own record for a non-work-related reason is not investigated through this process, as they have not breached confidentiality by accessing another individual's NHS record. However, the member of staff should be reminded that they should not take advantage of the access they have to NHS systems to access their own electronic record. Any request for personal information should be made through recognised channels/processes, such as requesting information from their GP or through a subject access request.
Below is the link to the NHS Scotland Workforce Investigation Process: https://workforce.nhs.scot/policies/workforce-policies-investigation-process-overview/
If a potential FairWarning confidentiality breach has occurred, guidance and the relevant supporting documents can be found on the NHS Fife Internet via the following link: HR Procedures | NHS Fife, under the tab ‘Fairwarning Confidentiality Breach – Guidance For Managers’.
Documents include: a Managers Flowchart to guide the process, a tailored invite to initial investigatory meeting letter (which the staff member does not have to attend), a tailored Invite to Investigatory Hearing letter, a tailored meeting note template with suggested questions for the Investigatory Hearing, and other relevant documents. These are available to assist Managers should they be required to investigate a potential FairWarning confidentiality breach formally. There is also a template report and outcome of Investigation letter available for use once the investigation stage is complete.
If the Manager makes the decision, following formal investigation and completion of the report, that the access has not been for clinical reasons and believes it should proceed to a conduct hearing for a panel to consider, please contact your HR Officer/Adviser at your earliest convenience so that HR can co-ordinate panels in a timely manner.
Following notification by HR of a potential FairWarning breach of confidentiality, if the Manager establishes that information was obtained for non-work-related purposes and it is believed there has been a breach of confidentiality, the incident must also be logged in Datix. A guidance document is available under the Fairwarning breach of Confidentiality Tab.
If any further guidance is required to undertake these investigations, the investigating Manager should contact their HR Officer/Adviser in the first instance.