To feel very suspicious of her?

[Suspicious122]

My friend is a dietician for the NHS.
I have been undergoing some treatment at a different hospital than hers. My issue is she seems to know details which she really shouldn't know especially as my issue is nothing to do with her area of knowledge. I am starting to think she has looked at my file. Aibu to ask if this is possible?

@80caloriesofbiscuitplease
Against what alternative source of information are they checked for accuracy? And by whom? I mean isn't that part of the protections that GDPR gives you, that you are able to check the information they hold is accurate?

What do you mean by check that there's no third party information? Data on other patients in your records? Wouldn't that be a GDPR problem anyway - anyone who legitimately looked at your record would see that information on the other patient inappropriately. If the error has been made why would it be legitimate for someone else to access that info, and not you, when the info is being held against your name, and may be affecting your care.

Or does whoever checks the record report it to the ICO each time they see data they have no legitimate reason to see i.e. that doesn't belong to a patient who's made a data access request?

do the Audit OP 🌸

[quote ProcrastinationStation3]@80caloriesofbiscuitplease
Against what alternative source of information are they checked for accuracy? And by whom? I mean isn't that part of the protections that GDPR gives you, that you are able to check the information they hold is accurate?

What do you mean by check that there's no third party information? Data on other patients in your records? Wouldn't that be a GDPR problem anyway - anyone who legitimately looked at your record would see that information on the other patient inappropriately. If the error has been made why would it be legitimate for someone else to access that info, and not you, when the info is being held against your name, and may be affecting your care.

Or does whoever checks the record report it to the ICO each time they see data they have no legitimate reason to see i.e. that doesn't belong to a patient who's made a data access request?[/quote]
Some of the things which concern you apply more to mental health records than to records of physical treatment, where there might be information regarding other family members for instance, or it may be appropriate to record something told to a clinician by a third party.

Items may be redacted from the record if they affect someone else's confidentiality of if disclosure may cause serious harm to the requestor or to another person or persons. There used also to be a clause that said that in some cases the record could only be accessed in the presence of someone suitable to support the requestor and to explain the record but that seems to have vanished.

I think accuracy checks were more important when records were paper. old records get very tatty and dog eared and its sensible to check that pages are there and in order and so on.

I don;t know what you meant by this bit "Wouldn't that be a GDPR problem anyway - anyone who legitimately looked at your record would see that information on the other patient inappropriately. If the error has been made why would it be legitimate for someone else to access that info, and not you, when the info is being held against your name, and may be affecting your care."

I don't know what the system is now, its some 14 years since I retired but when i was working on designing it, there were levels of access depending on need and geography...so eg receptionists could see less than nurses, and people could see records for geographical areas that i worked in. Attempts to log in where you shouldn't were flagged to the system manager whether successful or not. There was also the concept of "pattern recognition" so that if someone viewed something that they were allowed to view but didn't usually, then this would also be flagged and investigated. usually it will be as simple as someone changing department or providing cover at another base of course,

useful link here but a bit old www.themdu.com/guidance-and-advice/journals/inpractice-december-2013/rights-of-access

I don't use my village GP practice as when I did in the past they just seemed so nosey and indiscrete eg asking you personal information in a quiet waiting room full of people or talking on the phone addressing someone by name and then sharing private information for all to hear. It does not inspire trust in their professional standards or respect for confidentiality.

I even find it ridiculous that the pharmacy will say, 'can you just confirm you address' in a room full of people. Err no I don't actually want to announce my address when there's a creepy bloke behind me thanks. I wish they'd think of a better way of verifying who you are.

You would hope the chances of losing your job would be incentive enough not to do something as daft as look at someone else's records in a hospital but receptionists and pharmacists actually have access to quite a bit of sensitive information and are not careful enough imo with what they publicly announce. Eg. oh sorry we are having trouble getting x drug in at the minute so you will have to come back in a few days - thanks for announcing to the room what medication I'm on.

I hope you're wrong about your friend.

I may be sensitive as I work in the same village I live in and don't really need parents of teens I teach knowing what medications I take or where I live.

YANBU, I have a friend who works in NHS admin who routinely does this with family and friends.

It was helpful once when she happened to tell me where an upcoming appointment was, when I thought it was somewhere else.

She also looked up the details of the health condition of someone else we knew and she mentioned it, so I assume it was a regular thing.

It backfired on her in a way, as she knew her dad had terminal cancer before he was told.

In general what has she spoken about to you?
Could you have mentioned something small and she has researched for info?
Either way it sounds unlikely that the relationship will survive.

@me4real

YANBU, I have a friend who works in NHS admin who routinely does this with family and friends.

It was helpful once when she happened to tell me where an upcoming appointment was, when I thought it was somewhere else.

She also looked up the details of the health condition of someone else we knew and she mentioned it, so I assume it was a regular thing.

It backfired on her in a way, as she knew her dad had terminal cancer before he was told.

Its not a usual thing and she should be sacked

@me4real

YANBU, I have a friend who works in NHS admin who routinely does this with family and friends.

It was helpful once when she happened to tell me where an upcoming appointment was, when I thought it was somewhere else.

She also looked up the details of the health condition of someone else we knew and she mentioned it, so I assume it was a regular thing.

It backfired on her in a way, as she knew her dad had terminal cancer before he was told.

are you serious, this is a massive breach 😱

It seemed as if, working in administration, she could just see all of it.

I guess it makes her job less boring.

Where is the auditing in that case, then?

@me4real

It seemed as if, working in administration, she could just see all of it.

I guess it makes her job less boring.

Jeepers

Op, find out the email address for the Information Governance at that trust.

Send an email with your concern. You only need to give your friends initials along with your RMY or NHS number. They will have a look and if it is the case that she has accessed your records, she will be facing disciplinary action.

I worked for HMRC & looking up someone's records you weren't working on was instant dismissal, we couldn't even work on anyone we knew's records, our families & partner or husband/ wife's records had to be moved to a special office & nobody in the regular offices could access their records.

I think there's probably a reasonable explanation for whatever she said to you, and it's unlikely she'd risk her job to snoop around in your medical records. But request the audit if it will make you feel better.

You may as well ask for the audit - either way, this friendship is over.

Option 1 - friend has looked up records which she shouldn't do, is a terrible person, the end.

Option 2 - friend has done nothing wrong and yet has been suspected of carrying out a sackable offence. No trust, the end.

I've worked as a nurse in the NHS for 25 years and it's drilled into us not to do this. Everyone is also made aware that random history checks are done on employees monthly. I doubt she would risk her career for a quick nose. She could know someone who has been involved in your care who may have gossiped to her but this would be impossible to prove. If she is a friend why not just ask her how she knows your personal information?

Dietitians are a small teams within hospitals, most of us do know other local dietitians, but any good one wouldn't discuss your care with her. the accessibility of your records is another matter. Depending on your local hospitals system, could she even access it of she wanted to? Eg many hospitals still us paper notes, and I couldn't access another hospitals electronic notes etc. Are you sure youre not on a standard treatment pathway, eg coeliac and standard gluten free dietary advice would be given to everyone with that condition etc. And she is giving you the same advice as any dietitian would? You also need to remember, dietitians are trained in all specialist areas before focusing on one area, so may have previous knowledge of your condition that you are unaware of. Everyone is made aware this would be a stackable offence

many hospitals still us paper notes, and I couldn't access another hospitals electronic notes etc.

if it were paper notes.. she would definitely have to have sought them out yes?

I hope she hasn't... but would request the order and press charges if she has

If she's accessed your confidential medical records, she will be accessing others. A real friend would never undermine you in this way.

Part of data protection training is that you only look up records you need to access. For example I might have the urge to look up an old patient if I’m wondering how they’re doing now, but I don’t because I don’t need to know that and the purpose would be my own curiosity rather than clinical care.

You absolutely have to report this, instead of asking friend. If her boundaries are this loose she’ll have done it to others too. Don’t delay.

@TheHoneyBadger

I don't use my village GP practice as when I did in the past they just seemed so nosey and indiscrete eg asking you personal information in a quiet waiting room full of people or talking on the phone addressing someone by name and then sharing private information for all to hear. It does not inspire trust in their professional standards or respect for confidentiality.

I even find it ridiculous that the pharmacy will say, 'can you just confirm you address' in a room full of people. Err no I don't actually want to announce my address when there's a creepy bloke behind me thanks. I wish they'd think of a better way of verifying who you are.

You would hope the chances of losing your job would be incentive enough not to do something as daft as look at someone else's records in a hospital but receptionists and pharmacists actually have access to quite a bit of sensitive information and are not careful enough imo with what they publicly announce. Eg. oh sorry we are having trouble getting x drug in at the minute so you will have to come back in a few days - thanks for announcing to the room what medication I'm on.

I hope you're wrong about your friend.

I just say the street name. It’s enough for them. Not going to state my actual address. Or you can take a slip of paper with your address on to pass over to them.

Agree on the meds, I’m always amazed at the info they’ll give out openly in earshot of everyone.

@ProcrastinationStation3

I don't work in the NHS/healthcare, I am curious is what *@TheMawisbraw* saying correct that you aren't even allowed to look at your own records? If so why? Doesn't GDPR give you the right to see what info is held about you at any time, so why would viewing your own records be sackable?

You’d be using your employee access inappropriately. If you wish to see your own records you’d surely need to access in the same way any other member of the public would through request.

I’d seek an audit. If your friend is doing this to you, she’s doing it to others.