Near miss data breach - DD’s NHS appointment letter.

[user1488481370]

DD (8) was referred to a continence nurse around 7/8 months ago now as she’s still wet on a night.

Difficulty being that one of the continence nurses in the area is our next door neighbour (shes also my partner’s brother’s girlfriend) who has made our lives hell for the last couple of years. So much so they the police have been involved on numerous occasions and she’s been interviewed and cautioned. When I asked for DD to be referred, I explicitly asked that this person had nothing to do with her care.
We got a lovely nurse and DD has made great progress with her.

Said nurse always sends appointments letters, we’ve had numerous letters so far - they have always had the correct address on them.

The latest letter, however, has said neighbour’s address on. I’m so suspicious and really smell a rat. I’ve asked others opinions and they smell a rat too but I wanted the over all consensus from a bunch of anonymous people who will give it to me straight and perhaps won’t humour me and my anxious mind.

Its only because we had a new postie that the letter wasn’t delivered to their house.

I rang the appropriate department last week and asked which address they had on file for DD. They read out the correct address and even simulated a letter to see which address appeared and again, it was the correct one. Lady on the phone was very apologetic and has put a note on the system about the address.

My neighbour really, really has it in for us, without going into too much detail. I’m so paranoid that she’s somehow changed DD’s address on the system, sent the letter and then changed it back again. I just can’t understand how this letter has their address on it. Even the lady I spoke to was perplexed. I want it investigating but are these things traceable? Is it a waste of time?

There should be an audit trail on the computer system of which user IDs have had access and what actions and when have been taken. You could ask that the IT department check and see if there has been any address changes on the system and who has undertaken these. You don't need to mention any suspicions about who or why.

This makes no sense. If this person had wanted to find out about your daughters medical condition, all she needed to do was to access her records. To go to the lengths of accessing her records and change her address then go back and change it again is nonsense. Admin staff send out letters from hospital or GP surgeries. In my area, the incontinence team are based in a Health Centre, not a hospital.
I think your imagination is working overtime.

Being as it’s a house name and not a number, I’m inclined to agree that someone has done something.

Report it. Let them investigate.

But why would they be entering the address at all if the system automatically puts the address on the letter?

I'm guessing your partner doesn't get along with his brother if he's not reigning in gf and her nutty ways.

Report this to their data protection officer though the staff member you spoke to should have done this already. They can check the audit trails to see if someone has changed the record or not.

@user1488481370 I just wanted to put this here again. It sounds like sensible advice.

Possibly neighbour did this as part of nosing about. If she knows, by chance, that your DD is a patient then she may have been nosing for details.

While logically she knows that this is a sackable offence her nosiness and aggression may have got the better of her.

OP in our Trust there are lots of safeguards built into the system.

One of them is if a member of staff with the same postcode as the patient accesses the record it flags up to the team who monitor access. So if this is the case in your area it may already be being investigated.

But as others have said there's no harm in you putting in complaint about wrong address and asking for how this came about to be investigated so it doesn't happen again

Then you ought to know the correct procedure which is NOT accuse someone with no proof by 'going to the Head of department'

Don't assume that she wouldn't be so stupid. I'm always surprised just how stupid people can be.

Also, she should have declared her caution to the NMC www.nmc.org.uk/ftp-library/understanding-fitness-to-practise/fitness-to-practise-allegations/criminal-convictions-and-cautions/
You might want to check that she's done this.

Complain, but you don’t need to name drop the individual, kick up enough fuss about it being a data protection issue please, and raise it to their Caldecott guardian.

if the person in question did access the file she will likely get a severe reprimand or sacked, they can tell who’s accessed the file

But that's not how an organisation stores data. They don't search for it each time, they just use the data that's already stored on the system. What you are describing is what happens when an address is first entered The poster has received several letters so this wouldn't apply now.

Report the data breach. You don’t need to mention your suspicions.

Just ask the NHS to investigate, don't go in naming names etc just say your concerned about the potential data breech and would like to know how it happened, with the strictest of confidence.
It won't (well shouldn't) even get back to her to say you have raised this, only if she's done something will something happen.

Have you a parents address you could request correspondence to? That way no chance of a slip up.

of course report. When accessing NHS records of not on your patient list you have to give a reason why you are accessing records. In the trust I work in a number of people were sacked after a high profile case and stupid staff wanted to be nosey

we get letters addressed to the building next door, we have the same postcode. So it’s the name of the building that is sometimes wrong and often happens with letters from government departments DWP etc, we have never got to the bottom of why but it was suggested that as they receive more post their building name comes up first when adding the postcode and then not corrected (both NHS buildings)

If her address is in her record correctly, letters can't be printed out incorrectly. Our trust uses an off site post service - we send the letter electronically to them and it gets printed off and posted there. (That probably won't be the same if the letter came from a GP surgery or community health) Either way, though, if her address was different for that one letter, it has been changed temporarily in her record. Every time someone accesses a patient's record, it is recorded, with their name and their log on, we can't access the system without entering our log on identity. Put your complaint in writing, contact PALS, and take it as high as it can go.

I don't work in the NHS but in the justice system. I had to hear an investigation last year where someone had inappropriately accessed an offender record, they were fired.
Not sure if this is possible on NHS systems, but it's possible on ours to restrict access, to protect the offender but also members of staff who could be accused of impropriety. It can be done in two ways, either named individuals can be based from accessing a specific record, or everyone barring the practitioner dealing with the case, their manager and a specified senior admin can all be blocked, this is more common if it involves someone high profile or someone will known to the staging group such as a former member of staff or a member of staff's family member/partner. For instance one of our admin was the victim of DA that record is sealed.
Report without accusation, that you believe your data has been compromised, and want it investigated. You have reason to believe a member of staff may have accessed your record inappropriately, but require confidentiality due to potential risk if they become aware before a conclusion is reached.

Just saying this again:
It is not PALS for this issue. It is the Caldicott Guardian. In this situation it is important to involve as few people as possible.

@endofthelinefinally definitely taking your advice. I had no idea about the Caldicott Guardian and think I’ve managed to find our trusts.

So the overall consensus is to take it further which I ought to do which is what I’d been advised to do anyway.

This woman really is unhinged. For context, she’s put glass around our children’s toys and comes back from nights out and howls at ridiculous times on a morning with the intention of setting their and our dogs off and waking our children up.

I just really don’t know what to think anymore.

@endofthelinefinally and thank you. I had no idea such a person existed so I’m pleased I started this thread now. No name dropping. No accusations just, how has this happened please.

A pp said that they had an addressing issue last week and some addresses had to be entered manually.

At my place, you enter a postcode and it gives you a list of house numbers/names at that postcode. It would be easy to click on the wrong one.

It needs flagging - has already been flagged by op in fact - but I don't think the conspiracy theories will prove accurate.

It’s scary that this lady is a nurse!

Can you film her when she does that so you can report her?

No advice other than to hope the process described leads to action being taken.

@Quia yes, I’ve caught her on film doing the above mentioned.

@justfiveminutes i initially thought that this was what had happened to be honest.