Medical records accessed and altered by "unknown staff member".

No. OMG how awful. Not sure how the 'accessor' couldn't be identified though.

Does it really matter as long as the record is accurate? Perhaps the "unknown staff member" was a locum or a temporary staff member so they didn't have staff ID...

It wouldn't bother me as long as the info held is correct.

When I worked in the NHS I could log in and add extra information about my clients appt with me and could change it if I typed a mistake and didn't realise until I submitted it but it would always show it was me and what my job was eg my name and counsellor. So your record should show who made the entry because they have to have ID to access the system . You have a legal right to see your entries, complain and ask for the practice manager to sort it out

Thank you for your replies.

To expand and without going into too much detail "unknown staff member" has accessed my records, changed some personal information and then disclosed the false information to the DWP.

The system I used at work allowed alterations to be made within 24 hours, so that small errors or omissions could be corrected contemporaneously, but not after that.

I’m not clear if you’re referring to your GP or hospital records, but deliberate falsification is viewed very seriously by the GMC janet so if you think your records have been falsified you should see a solicitor and get advice.

Not to mention breach of confidentiality.

It's my GP records, I only discovered it because I moved house.

I started a complaint in January but it took the NHS till May to wave me away to ICO in a very dismissive manner and as though it were trivi.

it's a very slow process, it seems, and I am expected to do all the work, which I am rather shocked about.

I think that would constitute a criminal offence actually. Have you considered reporting it to the police? I would definitely get your own legal advice from a solicitor that specialises in NHS matters.
Our GP Practices use computerised records and have done for a few years and all entries can be traced to who was logged in at the time. Information Governance modules are mandatory for staff and one of the first parts is about never giving your password to anyone - not even your manager. Never leaving yourself logged on and going away from the computer. It is a sackable offence - even for nurses.

I would not get involved in any kind of legal action they can stonewall you for years the stress and frustration really will damage your health.
The fact is that the health service is run by humans and is subject to human failings, you must assume your records are incorrect, check them out often.
My wife has complex problems and we expect to question any treatment only then will they check the records properly. Years ago you had one doctor who knew all your history, those days are long gone, even consultants move on frequently there is no continuity.

It sounds like a criminal offence to me. I'd take legal advice and talk to the police.

It sounds as though you are saying the records have been changed with the deliberate intent of passing this false information to the DWP. If that is so, then the police should be informed.

Hi OP,

I used to work in several Gp surgeries (minor role).

Here's a link that takes these matters very seriously.

www.gov.uk/government/groups/uk-caldicott-guardian-council

Thank you, you all are great :-).

I have spoken to the police, they are not really sure so are getting back to me.

Also emailed the caldicott office for guidance.

No one seems remotely disturbed by it thus far, oddly because it will be many more than just me, people don't normally do that kind of thing as a one off.

When it says "unknown staff member" I wondered if it is something they are not telling you but they can tell? Our computerised records, where I worked, showed who was logged in but I'm not sure it would show on a printout or something available to send to the DWP.
There are two other issues here related to what I used to do. One is that temps would log in with a permanent staff members login as it could take weeks for IT to issue a new login and we could not afford to have temps doing nothing for weeks. I am aware that this was wrong but there was nothing we could do about it.
Seconldy, information sent to the DWP was on a form that they sent to us to complete, much like the forms we use when claiming pension or benefits so this would not show who amended records.

On a lighter note, a receptionist at a hospital outpatient clinic my husband attended was checking ethnic origin. He said he was English and she insisted that there was no such thing as English, hence she altered my husband's records to show "refused to give ethnic origin". I worked at the same Trust so altered it back to English.

I don't think the actual report to DWP came from the GP, I think it was an anonymous report.

Around the same time (a couple of months later) I got sent for an unexpected medical procedure in another county for something I did not have.

Very odd, now I consider it because I was living more or less next door to my local gigantic teaching hospital where one would usually be sent.

**The report was same day.

This is in clear breach of the GDPR data protection laws so I would report the breach to the Information Comisdioners Office! You can also sue the data holder for damages if the breach has caused you any losses or distress in this case the GP practice

Sorry information commissioners office! They are the ones who will take action under the law as it’s not really a police matter

ico.org.uk/

Your personal information concerns
Share(Opens Share panel)
If you've had a problem accessing your personal information, or have a concern about the way an organisation is handling your personal information – perhaps they hold information about you that is incorrect, they have held it for too long, or they are not keeping it secure – we may be able to help you do something about it.

Next

What can I expect?

If we think the organisation has not complied with its obligations we can give the organisation advice and ask it to solve the problem. Our main aim is to improve the information rights practices of organisations, where there is an opportunity for us to do so.

We will not usually investigate concerns where there has been an undue delay in bringing it to our attention. You should raise your concerns with us within three months of your last meaningful contact with the organisation concerned.

Hope this helps ?

It is a criminal offence under the Computer Misuse Act 1990 and the police do have a duty to investigate. www.health-ni.gov.uk/articles/computer-misuse-act-1990

dammitjanet wrote "Around the same time (a couple of months later) I got sent for an unexpected medical procedure in another county for something I did not have."

This sounds to me like your record might have got confused with someone else's. Perhaps a member of staff added someone else's info by error into your records. Obviously this is not acceptable, but can happen without it being malicious in any way.

Have your records now being corrected about this?