Question about NHS staff looking themselves up on medical system

[whatisdrowsybutawake]

Hi, my DH is a newly qualified mental health psychiatrist and has been employed by NHS (Scotland) for few months. I have name changed for this post.

He admitted yesterday that out of curiosity he looked himself up on the system, and was able to access records from when he received treatment for his own mental health. He quickly realised this was inappropriate and is now very worried that this will be picked up in an audit and he could face disciplinary.

Does anyone have experience of this, or know if he is likely to be caught? He is unsure whether to raise it with his manager or just keep quiet about it. Thanks

There may also be information about other patients in there - not massively common, but for example our transplant workup MDMs often contain information about both the recipient and the potential donor, which might be the recipient’s family member. The documentation of the MDM will be in both sets of notes, as it needs to be.

In psychiatric notes, there may well be information about discussions with family that the family member want to be kept confidential - for example if it was your mum whose collateral history contributed to you being sectioned, it could damage your relationship with her if you didn’t agree it was in your best interests.

There are also often resuscitation discussion with family members - again, the patient may be upset by what was said.

When I was in a job with nhs medical records access we were given training and warned in advance it was a disciplinary

Surely you own your own data so why isn’t it allowed?

How does it get picked up? I'm so intrigued by this as I'm sure a nursing friend accessed my records in 2019.

She seemed to know a lot of my blood results and had knowledge about my overall health.

But nothing was automatically "flagged" and she moved to a different trust very soon after.

I've always hoped that it was just a coincidence /mystic megness. And would they contact the patient to say "your records have been accessed etc etc" ?

So cool. I'd love to work for the NHS doing techie stuff! (No such jobs here though!)

Ex NHS HR Director.

If I had a £ for every person I had dismissed for this…..

@Aotocadelite, it would be either a report generated by the user name being identical to the name searched, or a package like Idea used in all govt departments, banks etc for which you write macros that can then churn through massive volumes of data and pull out all sorts of info.

Audit system assesses who people access in relation to themselves.

It spots if you search the records of yourself or anyone in your line management chain. If it spots unusual patterns of access it would be flagged. We had one manager access the maternity info for a member of staff. It flagged because they didn’t have anything to do with maternity services.

It wouldn’t know who was friends with who so probably wouldn’t automatically flag unless there was something strange about the areas being accessed or the frequency.

I'm sure this will get discovered and he will face some sort of disciplinary action.

However I would also question why the IT team had not put some sort of marker on to prevent him looking himself up. I'm not NHS but worked in the public sector and our IT system was allegedly able to do this. I say allegedly as it was what we were told - I never actually tried it.

Because it’s not free access.

if you worked for a bank do you think you could as their systems to check your own account? (Also no.)

The IT systems will have a set of 'flags' that are automatically raised under certain conditions.

For example - every member of staff might be flagged if they're record is accessed whilst outside of a care episode -i.e. not currently a patient in hospital or being seen in outpatients.

Accessing your own record would be automatically flagged.

Celebrities can be manually added to the flagged lists - Rumour has it that over 2000 people accessed Gerard Houllier's (Liverpool Football Manager) record when he was admitted with his aneurysm during a televised match.

I don't think there's anyway of a system flagging simple friends or acquaintances, or probably even relatives automatically unless they had the same address.

If a record is flagged there will be a usually be a very quick check to gauge whether it was legitimate or not - for example if a flag was raised that MrFixTheBone accessed a member of staff's foot x-ray it would be determined very quickly if that person had been referred to me, or had been seen in one of my clinics for example.

One of the support workers looked up a friends child's details who was an inpatient on another ward. The parents had mentioned it to staff as they were concerned that she knew more than they did. I think she got a ticking off. But she's still working.

Really? Because I have seen nurses have a full on physical fight in front of a patient and not get fired. I’ve seen terrible bullying and no firings, I’ve seen liars get caught out and not get fired. You’ve really successfully fired people for this?

Absolutely this.

Trust me. It would be redacted. They are not entitled to it. I've seen plenty of these requests in my department so know that Improbalecat is right in saying any notes obtained properly would likely be heavily redacted.

This is literally the first thing they teach you not to do, and then they drill it into you over and over and over and over and over. Repeat ad nauseum.

Your DH knew damn well what he was doing and knows he abused the system. He needs to get ahead of it or they will know he was trying to hide that he did it when they audit.

You absolutely cannot do this and he would know that.

Was coming on here to say it's not as big a deal as everyone is making out, I looked at my records several times (yes, as a doctor gasp) and nothing ever happened.

But then remember I was using a colleagues login for pathology and another's for radiology for about 3 years so wouldn't have flagged anyway.

Thank goodness!
(awaits mumsnetters having a breakdown over my lack of ethics)

In my last Trust, there was someone getting sacked in my division for this at least once per month. When it was someone else's records it was gross misconduct. Not sure if you might get leniency for yourself eg. A warning.

It will either get flagged by the system or it won't. I wouldn't suggest he raises it in case it doesn't get noticed. But certainly in a lot of Trusts this would be identified. Spot checks were done on who was accessing records and people of the same surname would be one of the checks eg. Someone looking up a family member, but this would also show if you had looked up yourself.

Cool! Thanks for the replies!! It's so interesting :)

Sorry OP for hijacking!

No problem, always good to share info that might be of use to others.

Thanks again everyone for the detailed responses.

I have known several staff look at their own notes and all of them still have their registration numbers 😊

Shouldn’t happen but it’s not the same as looking up the records of someone else whose care you’re not involved with.

op I doubt anything bad will happen to your partner for doing this once unless it’s part of a bigger picture. Telling his manager was the right thing to do

Holier than thou mumsnet
Yeah you're not supposed to do it. I'd say there is a good chance absolutely nothing will happen as a consequence. Although now he is reporting himself, then obviously someone will feel obliged to tell him off. I doubt it's a sackable offence (let's hope) and now he definitely won't do it again.

Our IG department run a report each month, they then email the offenders and, I think for a first offence, it's just a virtual slap on the wrist and a "don't do it again" telling off

People have been sacked, but that's usually when they've looked up ex's or family members and used the information for dubious purposes...

Is it? There's loads of stuff missing on mine

You can't just freely access your own records in case there is something doctors don't want you to see. Imagine you have some neuro symptoms and think it might be a migraine. The doctor may consider that one possibility is a brain tumour. However, you also have severe depression or very high blood pressure and they don't want to tell you this as it could be very dangerous for you. They order an MRI scan and it if was a brain tumour they would tell you, but if not, you have been spared the stress and raised blood pressure which could have been fatal. If you see them speculating it could have devastating consequences.
There are also safeguarding issues such as an abusive partner looking up themselves or their child and potentially finding out where their ex is living and then finding and killing them.
Also, medical records are for staff. When explaining things to patients face to face, clinicians will often go into more depth and provide more information. Just getting that minimal information without context could be distressing.
Usually, you are allowed to see all your records if you go through the right channels, but sometimes a doctor needs to check first that there is nothing in the them could cause unnecessary harm.