More than 3,000 Hywel Dda patient records, including test results and doctor’s letters, have been accessed "inappropriately" by a hospital nurse over a period stretching back at least two years, the health board has said.
The nurse, who has not been named, was based at West Wales General Hospital, Glangwili, in Carmarthen, but accessed the Patient Records from across the health board region, including Pembrokeshire, Carmarthenshire and Ceredigion.
Hywel Dda University Health Board (HDUHB) medical director Dr Philip Kloer said there appeared to be "no clinical rationale" for the nurse, who has been fired in the wake of the revelations, to have accessed the records.
The individual, who has been referred to the Nursing and Midwifery Council, was described as "an experienced member of the clinical staff" who had been employed by HDUHB "for a number of years". Dr Kloer said the records involved bore no relation to the nurse’s specific field of work.
"There was no reason for this person to have accessed these records," Dr Kloer said.
"It is very difficult to understand."
HDUHB chief executive Steve Moore said it appeared that records had been accessed "for information purposes only" and there was no indication that any record had been copied, accessed or sent to any third party.
"The individual has told us that she simply viewed them," said Mr Moore.
"There was no change to any record and no impact to any patient’s clinical care."
He stressed that the data accessed related only to electronic hospital records and not the full medical record of patients.
A spokesman for the board said: "The record provides details of hospital appointments, clinics and visits, as well as test results and some letters.
"We do not know how much of this information has been accessed."
Mr Moore said that the breach had come to light after a senior member of staff voiced concerns regarding the nurse’s access of patient data towards the end of 2015.
An electronic audit of her computer use showed "inappropriate access" to more than 3,000 patient records during the past two years, however HDUHB systems were unable to check beyond 2013 and the board was unable to confirm whether patient records had been accessed prior to that time.
"We are able to reassure people that our review has shown no changes or amendments were made to records. It also produced no evidence that the information has been used by the individual for any purpose other than to view," said Mr Moore.
All of the patients whose records were accessed have today been contacted in writing by the health board.
"Those who have not received a letter have not been affected," said Mr Moore.
HDUHB has referred the breach to the UK Information Commissioner’s Office.
"This remains an ongoing investigation," said Mr Moore.
"This is a matter we take extremely seriously and I have written to every patient directly affected to apologise for the actions taken by this individual which go against their own professional code of conduct and health board policies and procedures."
"We understand and acknowledge how distressing this is for those individuals affected, especially for any who may be vulnerable and we have set up a free helpline should they wish to discuss this with us further."
Any member of the public who wishes to contact the health board