Maternity records GDPR Breech

[LittleGungHo]

AIBU to be cynical as to why my maternity records have gone missing and what can I do about it?

I have a rubbish birth with my DS in Jan this year. My womb collapsed and I was rushed into surgery post birth. The ballon they fitted worked and was removed but they left the 'packing' inside me.

I applied for my maternity notes last month and they should have been with me tomorrow but I was told yesterday 'we can't find them, the consultant does not have them, they may have been intercepted'.

I was meant to have a consultant appointment tomorrow to have a birth debrief and to find out if I can safely have more children. This has now had to be postponed until they find the notes.

Is this a GDPR breech?
Have they 'lost' them on purpose as there is significant medical negligence?

Help!

@LittleGungHo Please don't think I'm suggesting your case is minor. My comment was an attempt to reassure you that it's far more likely to be human error rather than a deliberate loss. There's still hope that the notes will turn up when someone finally gets round to a clear out in the place they've been left.

@Heronatemygoldfish

Information governance person here.

There are three types of breach: confidentiality (where info is lost, stolen, goes where it's not supposed to or is seen by unauthorised persons) availability (when it's not there when needed) and integrity (where the data is wrong).

Yours is a classic availability breach: the NHS is obliged to report these to the NHS Digital Data Security and Protection Toolkit. This is what the guidance says:

"Availability breach example
Unauthorised or accidental loss of access to, or destruction of, personal data - In the context of a hospital, if critical medical data about patients are unavailable, even temporarily, this could present a risk to individuals’ rights and freedoms; for example, operations may be cancelled. This is to be classified as an availability breach."

This is useful.

What is the impact of reporting it on the hospital?

@MilduraS no offence taken at all. You gave me a good perspective 👍

My maternity notes went missing but it turned out a consultant had pulled them as i’d requested a debrief and had seen her the day before for some postnatal care - she was being proactive. I think the PALS lady was as shocked as me. Even then the record keeping hadn’t been good during labour so some key questions remain unanswered but the consultant was very helpful nonetheless.

If you haven’t already, write up your memories of the birth and ask your husband to do the same. The notes were one part of the picture but our memories were important during the debrief too.

@LittleGungHo All Incidents entered into the Toolkit have to have a declaration of whether your rights and freedoms have been infringed. In this case I'd say they would have been as you have been seriously inconvenienced and it could have long-standing repercussions if they don't magically turn up, as then there would be no record. If that's the case the Toolkit may report onwards to the ICO.

ICO possibly won't do anything, but the IG team would be also be obliged to report the Incident to the Trust Board who, if it also comes with a formal letter of complaint, might have to do an investigation. If the ICO does decide to do something, the maximum penalty for a reportable breach is £17.5million. OK that's more likely for "someone losing an unencrypted laptop full of personal medical information for hundreds of people on a train" sort of thing. But any fine is an embarrassment.

Oh and they have 72 hours to do the investigation and report once they've realised they have a breach. Including weekends.

My guess is they haven't been "lost" per se, they just haven't been located yet.

When there's questions to be answered around a case/incident/complaint/report etc it can involve numerous departments and consultants, each of who will require the notes for review. Assuming they're not digital of course.

The department (probably the legal dept) who deals with your request for copy records will have raised it internally and all involved will be checking their areas. Medical records will likely also be involved to track and trace them down.

In my experience (working in legal) it is very rare that notes are never found. It can just take some time.

I would expect that you should be receiving regular updates as to where the search is up to. If this isn't happening you can escalate it to the Information Governance Team or customer care. I'd go IG first as most CC teams are swamped with backlog atm.

Hope you find the answers you're looking for and receive an informative de-brief

If they're paper notes, the likeliest scenario is that someone has just failed to fill in the tracking system correctly, so when someone else has gone to retrieve them the notes haven't been where they should be according to the tracking system. It's not acceptable, but it almost certainly won't be personal. If they aren't able to reassure you and give you the information you need when you next speak with them, you can raise it as an issue with the hospital as this would constitute a data breach as previous posters have said. Hospitals should take data breaches seriously and do a thorough search to locate the notes; it could also help other people if through looking into your case someone identifies an issue with their tracking system or data handling processes, as the hospital would then need to address this.

I hope you get some answers. It's an awful feeling to be left waiting for an explanation.

Its not acceptable to just lose notes. I don't just "lose" my service user casnotes. They need to get off their bottoms and start searching. Its personal highly sensitive information do not accept loss. Kick up a fuss and act coz its not acceptable its not the kind of thing you want in the hands of the publc. I'd be bollocked for that.

So they have sent me a Notice of Delay letter but they have emailed to say the notes are missing and they have contacted all departments. The letter said they are 'in use' so can not be sent.

I have asked for the letter to be amended to say they are currently missing not 'in use' and a timeline on when they will next be in touch.