It was reported in the media that an NHS employee has successfully sued a large acute hospital for revealing their mental health issues to colleagues. They have been awarded £2,500 compensation.

In September 2020, they were off sick with mental health issues when their line manager exposed the reason for their absence by detailing it on a staff rota which other colleagues could see. The NHS employee complained about the data breach to the hospital’s HR team, who advised them to confront their ward manager themselves. The NHS employee said they did not know how to use the system properly. Feeling as though the matter had not been dealt with appropriately, they sought legal advice and were successful in their claim.

The NHS employee was admitted to hospital after the incident. Whilst the deterioration of their mental health was not attributed solely to the data breach, the breach evidently exacerbated a complicated and significant past mental health history. It has not yet been revealed whether the ICO has been notified of the breach or what, if any, enforcement action it may take in response.

Action Required
  • Ensure that staff details and medical history are respected and treated in the same manner as patient or other confidential information, and issue a reminder to all staff members advising of the above breach.
  • Ensure that all documents contain only the information that is necessary and do not include additional confidential information that may be inadvertently shared with colleagues.
  • Ensure that staff know policies and procedures on how to raise a personal data breach and that systems on how to do this are clear and easily accessible.