Close relative working for NHS and Data protection

They could be sacked for doing so - quite right too!

You can look up anybody who has accessed your records. The details are on any site which holds your medical records.

Absolutely not!
For VERY good reasons.
This is abuse of office... and rightly is a disciplinary offence.
You can access your records through your gp surgery.

Years ago when it was paper records anyone could (in theory and some did) pull a set of notes off a carousel and have a read. There was no way of checking back in the day. Obviously technology moved on and electronic records are now on line. Anyone can access them but a digital record will show the date, time and person who went in.

Sadly, yes. A friend was very ill a few years ago and her ex husband had a good friend who worked at the hospital. Info was passed to him by the friend.

She reported it to PALS but it didn't seem that anything was done. Not sure why. Possibly the friend didn't get the info from the online records, but direct from the ward.

Regardless of how, it was a shocking breach of confidentiality.

Thank you all for replies. If it did show up that someone had looked would anyone necessarily question that especially if the person who has looked is “important”. Has anyone asked to look at their own medical records and how easy was it do so this? Could they see on them people who had accessed their records? Are the ones held by GP on the same thing as those in hospital records? We are more concerned about our hospital records. Can someone who works in a hospital in another part of the country look at records for another hospital? I think this potentially has serious consequences for anyone who has left a violent partner who works in the NHS (they could see where you are living for example)

Thanks Gagajo, just saw your post after writing my last one. It is potentially very dangerous, there should be someone as well as PALS this could be taken to surely.

It should only be someone who is involved in the patient’s care, otherwise it is a breach of privacy laws. If the patient suffers mentally as a consequence they would have grounds to sue for compensation. The hospital should be safeguarding to prevent this happening and it would be a good idea to take it up with the CEO. If no joy write to your MP.

I'm not sure if all hospitals operate in the same way, but I noticed during my recent visits that all records are now held digitally. All staff had a log in card whenever they accessed information or entered any. There would be a digital footprint of all log-ins. The only way an unauthorised person could access information would be to use somebody's log-in or get friendly with somebody with authorised access. Digital records are much safer than the old paper files.

I had access to all test results and notes about appointments and letters sent to the GP via my own patient log-in. There's a button my version of the app to see whether anybody has accessed information. I could choose to share it with other people, if I wanted, but they would have to be authorised users, such as a private clinic. Other hospitals don't have access to hospital records unless the share is authorised.

Incidentally, in England every patient now has the right to see their own medical records, although some GPs are blocking access. If they do, you still have the right to request individual access.

digital.nhs.uk/services/nhs-app/nhs-app-guidance-for-gp-practices/guidance-on-nhs-app-features/accelerating-patient-access-to-their-record/update-from-nhs-england

LadySybil

Thank you all for replies. If it did show up that someone had looked would anyone necessarily question that especially if the person who has looked is “important”. Has anyone asked to look at their own medical records and how easy was it do so this? Could they see on them people who had accessed their records? Are the ones held by GP on the same thing as those in hospital records? We are more concerned about our hospital records. Can someone who works in a hospital in another part of the country look at records for another hospital? I think this potentially has serious consequences for anyone who has left a violent partner who works in the NHS (they could see where you are living for example)

You are asking the wrong people LadySybil. A number of us have NHS experience, but we cannot legitimately advise you of process, we can only tell you little snippets based on what we know of a small number of organisations and our personal experiences. I am uncomfortable with that as a process, at best it is unreliable.

If you have serious concerns you must put them in writing to the Chief Executive of the Health body concerned. You can ask for a generic response under the Freedom of Information Act, or you can name the individual you are concerned about, which information you think they have accessed and ask for a formal investigation.

The best reply on here Casdon! 🏆

I'm not sure whether you want someone to look at your records on your behalf LadySybil, or if you're concerned they might have done so behind your back?

V3ra concerned someone looking at records

Casdon, thank you, I am well aware that this site can not give legal advice but it does give lots of useful suggestions. No one has said anything they should not have said. If you’re not comfortable you don’t have to be involved and if you think there is something inappropriate to the site then you can always report it to standards.

LadySybil

Casdon, thank you, I am well aware that this site can not give legal advice but it does give lots of useful suggestions. No one has said anything they should not have said. If you’re not comfortable you don’t have to be involved and if you think there is something inappropriate to the site then you can always report it to standards.

You are clearly looking for people to back up your suppositions about a potential data breach LadySybil. I’m sorry if you don’t agree with the points I made, but they are the reality of the situation, and I’d advise others to support the approach I’ve suggested, which is the only way you will reach any resolution.

There was a member of our family that would often make up the severity of her illnesses and completely make up other conditions.

When she was in hospital a nurse, known to the family, accessed her records and told the family everything about her health past and present.

The person concerned does not know her records were accessed and that we all know about her making up some really serious conditions.

I found when I moved house and asked my old GP practice for a copy of medical records as it would be helpful to the new surgery I joined. They only went as far back as the 1980's . And all the consultant letters from the 80's and 90's had been destroyed. When asked why they said because they hadn't the space to store them.

Because everything is stored online nothing is safe as anyone can hack your information about anything.

Even deeds to your property are stored online. Didn't know that until I moved as all you get is a letter with your deeds reference number.

The world would grind to a halt is there was no electricity.

I know it doesn't answer your question LadySybil but got me thinking.

Info on the database is accessible only on a “Need to Know” basis. However, all staff from consultant to admin staff have access. In reality no organisation has the time to check every incident of access. It is a sackable offence to look an entry up if you cannot prove your job necessitated the information. I worked with a man who this happened to because he looked up his ex wife’s records and his manager was made aware.

There is a digital record linking the staff member to all searches they have ever made, therefore, if there is a specific need to investigate, the person will be found out. Also similarly, people who know their details are on file can request special privacy restrictions so that no one except a named Senior can access it.

Absolutely that's a No.
Not everyone has access to clinical information you have to have permitted rights for each service application , then it can be traced back to the individual reviewer.

I'm on my Lunch break from doing a Remote Pacemaker Clinic, I have all sorts of access but the IT department know I'm still logged on they can remotely see my work, if needed, and what I have checked out.

LadySybil

Thanks Gagajo, just saw your post after writing my last one. It is potentially very dangerous, there should be someone as well as PALS this could be taken to surely.

Your first step should be to contact the hospital and ask them to look up everybody who has accessed your records, which shouldn't be too difficult.

If you have proof that somebody has accessed your records without authorisation, you should contact the Information Commissioner's Office, who investigate breaches of data protection. If you are intending to take legal action, it would be a good idea to get a solicitor.

I retired from the NHS 3 years ago. To access a computer you had to have Smart Card. I worked in a hospital and as an administrator I only had access at a certain level. But could read patients letters and diagnosis. I could find a patients NHS number nationally if required but not access any other information. Ever Smart card was limited to your pay grade to what you can access. A consultants secretary may have more than standard ‘need to know’ access.

Oh and every time you accessed a patients records it left a trail. So was traceable if accessed even accidentally.

If the are caught looking up patients notes that they are not required for then they can be sacked. Searches can do done to see what each person is searching for so it can be proved if necessary. Depending on the job they do they could well have access to your records.

Type GDPR NHS into google to find lots of information. There’s the nhs and gov.uk website too. The link is below. scroll down to ‘abuse of privilege’. If you do make a query they have up to a month to respond, but only up to 72 hours to decide what action is needed and who should be informed. I’m no expert but that’s the gist.
cfa.nhs.uk/about-nhscfa/information-hub/data-protection/confidentiality-policy