Hospital bosses face action over records scandal.

By Marjory Inglis, health reporter   THE UK'S data watchdog was demanding answers last night over the Strathmartine Hospital medical records scandal—and could take enforcement action against NHS Tayside. Bosses at the health authority were under fire again yesterday after confidential documents relating to individual patients were found strewn around the disused hospital.   Several files were found including details relating to the adoption of a young girl giving her real name, address and date of birth and information relating to a baby born an alcoholic.   NHS Tayside's chief executive Professor Tony Wells denied there had been any attempt to "mislead" the Scottish Government or the data watchdog.   His comments came after Public Health Minister Shona Robison said she had received assurances from NHS Tayside that the documents had been cleared from the site when that was clearly not the case.   Last night it emerged that a member of the public made a formal complaint about the situation to the Information Commissioner's Office and similar assurances were given there.   Anybody who is concerned about a breach of the Data Protection Act, which governs the appropriate management and disposal of personal records, can complain to the commissioner.   "The Information Commissioner's Office takes breaches of people's privacy very seriously and it is concerning if personal information, particularly sensitive information such as health records, has not been disposed of securely," Ken Macdonald, assistant commissioner at the ICO, said last night.   "This is a key principle of the Data Protection Act. Following a complaint regarding the disposal of patient health records at the former Strathmartine Hospital in Dundee, we contacted NHS Tayside to establish further details.   "Despite the ICO having received assurances that immediate action had been taken to remove the records from the building, this appears not to be the case.   "We will be contacting NHS Tayside immediately to demand an explanation and, if necessary, we will use our enforcement powers."   A spokesperson for the ICO last night said a breach of the Data Protection Act is not a criminal offence but, if a company or public body is required to meet the demands of an enforcement notice and fails to do so, the breach is a criminal offence and could lead to prosecution.   Yesterday Professor Wells took charge of the renewed effort to clear sensitive information from the hospital, visiting it with specialists called in to do the job which, he said, would take weeks.   Meanwhile, bin bags full of documents removed from the premises were being taken to a secure store until the appropriate way to deal with them had been ascertained. Prof Wells was adamant that he and his colleagues had not misled those making formal approaches regarding the documents.   "Nobody has been trying to mislead anyone," he said. "I think we have acted in good faith and we are trying to investigate just how this situation arose."   Yesterday, Scotland's director general for health Kevin Woods wrote to the chief executives of Scotland's 14 health boards drawing attention to the Strathmartine situation and seeking assurances that "obligations" with regard to the management, retention and disposal of medical records were being met.   He emphasised that the buck stops with the chief executive of each health board.