Close relative working for NHS and Data protection

Contact PALS and explain the situation, I had a friend who had an alert placed on her file in case her abusive ex tried to track her down - he was a consultant.

When I worked in Sexual Health, our records were completely separate from other hospital records. We never automatically contacted a person’s GP without their express consent. Only if their GP had referred them by letter they would get a response from us. I don’t know what happens nowadays.

No ! You shouldn’t even ask someone to do that . They could most likely be disciplined and lose their job . It breaches confidentiality and I think they would refuse to do it - I would have we done for sure .

Remember that Mental Health Trusts have completely separate systems of recording notes. Even your GP cannot get direct access to them, only what MH professionals have written to your GP or a consultant as those letters/requests will be logged into the general NHS system.

If a patient wants to get copies of their own records, they have to be assessed by a MH professional as being well enough to get those notes. they may be given a heavily edited version.

It's a mixed blessing. It does depend of course on staff observing confidentiality just as the main system, does. It protect users from the levels of open access in the general NHS system: but if there has been bad professional practice it is a great deal harder to get information to raise a complaint etc.

If they are your own records you can ask to see them Access to any other person is NOT allowed ....even when I worked in the NHS some years ago, before computerised records .........friends sometimes asked me to look at their notes. NO way .....and if it was a friend who was a patient under the Consultant I worked for, I was required to tell them that I knew this patient, and therefore was not allowed access to their records and another secretary/admin assistant had to do any work on that record ! ...would YOU like anyone who knew you to have access to your records, even if you have nothing to hide !

No they can't So don't even ask them!
Our Drs have Patient Access where we can review our own records from home/order prescriptions etc.
Perhaps you could ask if they do too

There was an option to opt out of NHS data sharing - set up so that your health records could be seen by professionals treating you, i.e any long term condition and regular medication. But certainly not for purposes of personal interest

Personally I would say no , if they did could have serious consequences

You can usually only see records for the organisation you are accessing the system from. There was a big push to get unified health records across all providers nationwide but the scheme was too expensive in the end and scrapped about 10 years ago.I have to look at a lot of individual health information to do my job. If a family member is on my list I have in the past got a colleague to deal with this instead - I don't want to see their records.
I have known instances where there have been checks when someone has accessed the records of a person with the same surname so there is some attempt to check access is legitimate - but even then it turns out not to be some one they know just a stranger with the same surname.It is a difficult one to enforce although I think it would be impossible to work in the NHS and not know that you must not access anyone's records unless you need to to do your job.

When I worked in the NHS the onlin access “tree” was blocked at every layer. I could only see the patients treated by my team. I could see some names of those treated by teams in the same department but no details.

Any member of staff with a smartcard can access the basic patient details of that organisation, but not another one unless the patient has given sharing permissions.

It is a very serious offence to look up the records of someone without good reason, but inveitably staff will be tempted. When one of the popular Top Gear presenters was badly injured in a crash, the number of extra accesses to his record was noted and staff were disciplined - including those in the Obstetrics and Gynaecology Departments!

When I was training as a social worker in 1985, a fellow student was expelled from the course for looking up her husband's medical records whilst she was on placement at a hospital. Recently a member of NHS staff lost her job here in our small community for accessing medical records.

I thought NHS employees were trusted to treat information as confidential but if a healthcare professional was caring for someone known to them they could pass on information without accessing technology.

Yes they can but tbh, unless you ask your Health Records dept. to investigate, I doubt anything would be flagged up. I work in Health Records and I've been asked twice in the past few months why I was looking at a patient's details but that was only because I'd forgotten to navigate away from the page for a few minutes and that meant no-one else could access that page (I also work in a place that might appear as if I shouldn't be accessing records even though I definitely should). If someone were to look up a relative's or friend's records and did it at a time when no-one else was trying to access them, nothing would be noticed.
There are random checks done on the records that all staff have accessed but there's too many records, too many staff who need access to records and not enough staff to investigate every single time a record has been accessed. If you suspect that anyone has inappropriately looked at any of your records, phone your local health board immediately. No-one should be abusing a position of trust in the NHS.

If you're having no joy with your complaint, #Caasdon, you can report it to the Information Commissioner as a breach of the Data Protection Act. They will investigate and let you know whether your information was accessed or not.

I would imagine access is on a 'need to know ' basis, electronic access can be set up so that only those who need access to this area of the system are allowed, access can be blocked to various parts of the system.if your role doesn't tequire it, but I can't be certain this is the case

I think there is tracking on patient files and you can see when, where, time and who logged on.

Type GDPR NHS into google to find lots of information. There’s the nhs and gov.uk website too. The link is below. scroll down to ‘abuse of privilege’. If you do make a query they have up to a month to respond, but only up to 72 hours to decide what action is needed and who should be informed. I’m no expert but that’s the gist.
cfa.nhs.uk/about-nhscfa/information-hub/data-protection/confidentiality-policy

If the are caught looking up patients notes that they are not required for then they can be sacked. Searches can do done to see what each person is searching for so it can be proved if necessary. Depending on the job they do they could well have access to your records.

Oh and every time you accessed a patients records it left a trail. So was traceable if accessed even accidentally.

I retired from the NHS 3 years ago. To access a computer you had to have Smart Card. I worked in a hospital and as an administrator I only had access at a certain level. But could read patients letters and diagnosis. I could find a patients NHS number nationally if required but not access any other information. Ever Smart card was limited to your pay grade to what you can access. A consultants secretary may have more than standard ‘need to know’ access.

LadySybil

Thanks Gagajo, just saw your post after writing my last one. It is potentially very dangerous, there should be someone as well as PALS this could be taken to surely.

Your first step should be to contact the hospital and ask them to look up everybody who has accessed your records, which shouldn't be too difficult.

If you have proof that somebody has accessed your records without authorisation, you should contact the Information Commissioner's Office, who investigate breaches of data protection. If you are intending to take legal action, it would be a good idea to get a solicitor.

Absolutely that's a No.
Not everyone has access to clinical information you have to have permitted rights for each service application , then it can be traced back to the individual reviewer.

I'm on my Lunch break from doing a Remote Pacemaker Clinic, I have all sorts of access but the IT department know I'm still logged on they can remotely see my work, if needed, and what I have checked out.

Info on the database is accessible only on a “Need to Know” basis. However, all staff from consultant to admin staff have access. In reality no organisation has the time to check every incident of access. It is a sackable offence to look an entry up if you cannot prove your job necessitated the information. I worked with a man who this happened to because he looked up his ex wife’s records and his manager was made aware.

There is a digital record linking the staff member to all searches they have ever made, therefore, if there is a specific need to investigate, the person will be found out. Also similarly, people who know their details are on file can request special privacy restrictions so that no one except a named Senior can access it.

I found when I moved house and asked my old GP practice for a copy of medical records as it would be helpful to the new surgery I joined. They only went as far back as the 1980's . And all the consultant letters from the 80's and 90's had been destroyed. When asked why they said because they hadn't the space to store them.

Because everything is stored online nothing is safe as anyone can hack your information about anything.

Even deeds to your property are stored online. Didn't know that until I moved as all you get is a letter with your deeds reference number.

The world would grind to a halt is there was no electricity.

I know it doesn't answer your question LadySybil but got me thinking.