A cleaner at Edinburgh Royal Infirmary who allegedly contacted a female patient on Facebook has been charged with breach of data protection.
Following an investigation NHS Lothian said that the patient's medical records were not accessed and that the patient's name was obtained from an electronic floor plan at the hospital.
The incident reinforces the importance of ensuring that staff and students, in particular medical students who may have access to sensitive personal data during work placements within hospitals, are aware of their data protection obligations.
For further information on when a data protection breach can be a criminal offence refer to the ICO's FAQ.
For more information on data protection please refer to JISC Legal's guidance.