A Hutt Hospital employee has been fired for accessing patient files without legitimate reasons.

A report prepared for Hutt Valley District Health Board revealed three staff members at the hospital were investigated for potential privacy breaches in October and December.

Acting chief executive Michael Hundleby said two breaches were upheld while in the third case the person had a legitimate reason for accessing the file.

"The two people who were found to have used files inappropriately were both administration staff. One was dismissed and the other received a written warning."

The person who was dismissed was identified through whistleblower legislation and the other owned up, he said.

Chief operating officer Jill Lane said all the cases related to allegations of staff looking up details of people when they had "no legitimate reason to do so" as part of their jobs.

"We continually audit our systems to ensure that patients' privacy is protected."

The board has overhauled a confidentiality form which new staff must sign. Copies of the form, obtained by The Dominion Post, show changes including the addition of the line: "It is vital that you act professionally and ensure confidentiality is maintained at all times. This includes the health information of other staff members and your own family members who are a patient at Hutt Valley DHB."

The board has also hired a privacy officer.

Assistant Privacy Commissioner Katrine Evans said the type of situation experienced at Hutt Hospital was often known as "employee browsing". Complaints about this type of inappropriate "browsing" were received from time to time. "We're aware of several other situations recently in which employees have been sacked for inappropriate access to information, for example, in the health sector or in government agencies."

She said that, as more information was stored electronically, employees were more able to browse their work computer systems for information on their family, acquaintances or celebrities.

"But their employers are waking up to the problem too – government agencies and businesses have huge amounts of information about people, and the responsible ones know how important it is to keep it safe.

"Also, it's pretty easy to use that same computer system to track people who abuse the trust that's placed in them – so employees are now increasingly likely to get caught and disciplined."