Private medical details of NHS staff were leaked to colleagues in an embarrassing data breach.
Intimate details of employees off work with illness were sent in a global email, which made them accessible to all NHS 24 staff instead of just senior executives.
It included details of workers who had suffered accidents, had mental health problems or were undergoing surgery.
A probe was launched by the Information Commissioner’s Office (ICO) in Edinburgh, which is responsible for protecting the public’s privacy and personal data.
The blunder was made by the employee relations team in the human resources department in Glasgow.
When they realised the mistake, they recalled the email and sent a second one ordering staff not to open the first.
Later, NHS 24’s human resources business partner Louise Gordon sent a letter of apology, which read: “Unfortunately, I am writing to let you know about a data security incident that involved your personal information.
“I wish to personally apologise for this error and unintended consequences.”
An NHS 24 insider said: “It is a matter of concern that an organisation that deals with the personal medical information data of thousands of members of the public cannot protect the privacy of their own staff.”
Scottish Labour Health spokeswoman Monica Lennon MSP said: “This is an extremely serious data breach. Staff will rightly be outraged their personal information has been inappropriately shared in this way.
“Both NHS 24 and ministers must provide reassurances this will not happen againy.”
An NHS spokeswoman said: “NHS 24 conducted an investigation as soon as we were made aware of a potential data protection breach. In line with protocols, we informed the ICO of the potential breach.
“Following a full investigation, we were advised that no action would be taken.”
The ICO said: “NHS 24 Scotland reported this incident to us and this matter has now been closed.”
