Help end medical misogyny. Sign our petition.

Help end medical misogyny.
Sign our petition.

Sign the petition

Please or to access all these features

AIBU?

Share your dilemmas and get honest opinions from other Mumsnetters.

NHS staff accessing medical records inappropriately in high profile or tragic news stories.

224 replies

HavfrueDenizKisi · 26/06/2026 12:02

What the hell is wrong with people who work for the NHS and still somehow think it’s ok to voyeuristically access the medical records of patients who have been in the news?

Just read this article about 40 members of staff being investigated over the inappropriate viewing of this poor boy’s medical records. Read a similar article a few weeks back about the medical records of the victims of the Nottingham attack being accessed. Something like 11 people were sacked and 12 given final warnings about that (somehow suggesting it wasn’t their first time doing so).

Surely it is pretty fucking clear when you start working for the NHS that this is Absolutely Not Allowed. Plus it must be clear that there is a digital trail left behind of anyone accessing records. Honestly the mind boggles.

Link to article on BBC:

https://www.bbc.co.uk/news/articles/cvg5kvpdd15o

A uniformed police office stands in front of a bricked barn has a car park outside the front on the left. There is a fence on the right which opens into a court yard and there are signs on the door. There is a police car parked in the car park.

Crocodile attack: Hospital probe after boy's records accessed

Cambridge University Hospitals refers itself to the Information Commissioner over the breach.

https://www.bbc.co.uk/news/articles/cvg5kvpdd15o

OP posts:
Possiblyfamous · 26/06/2026 14:22

NowSober · 26/06/2026 14:13

And you should never be using another persons account

Do you work in a clinical role in the NHS? Do you know how crappy the systems we have to use are? If I had to log in every time I walked up to a PC I would never get the work done because it takes so long. We all leave the PCs logged or work would be impossible.

There is a difference between theory & practise.

We’re reported if we do that and recognise that anything that is connected to my S1 card is down to me and my responsibility. No one on my unit would leave their card in the reader!

Puzzledandpissedoff · 26/06/2026 14:24

TallulahBetty · 26/06/2026 12:47

I wonder why some get sacked and some just have 'retraining'? Surely if it is gross misconduct then that is that.

In the case of the Nottingham Trust, I strongly suspect the claimed sackings - which frankly amazed me - had a lot to do with the appalling mess they're in over maternity provision and the need to be seen "doing something"

A family member who works for the local hospital's Information Governance team also informs me that there's a cultural element involved, in that a minority regard the need to "know what their own family members (usually women) are up to" counts for far more than professional requirements, and that with cultural sensitivities being what they are a veil will often be drawn over these

Edited to add there's also a cost element here, in that someone with extensive mediical training will always be much harder to replace than some others

Grandmistress991 · 26/06/2026 14:24

..as an ex nurse I know this is a stackable offence and it was made crystal clear to all staff from the outset. Yet we have Palantir accessing and likely abusing people's personal data within the nhs.
So if you dont like the situation where healthcare workers not.involved in your care access your health record then you really need to familiarise yourself about the absolute shxtshow that is Palantir.

godmum56 · 26/06/2026 14:25

NeverDropYourMooncup · 26/06/2026 14:10

Back in the Dark Ages of the late 90s/early 2000s, being trained on systems to look up records and reports didn't have practice entries and at several hospitals, I was told 'just use a member of your family'.

Obviously things have changed hugely since those days and anybody with a braincell would know that it's been tracked for many years. Thick people who think they won't be found out exist everywhere.

I was involved in the creation of one of those systems locally and one of the things I was asked to do was to create a collection of obviously dummy names for clinicians and "patients" these were first used in a "sandbox" database and then temporarily added to the real thing.

NowSober · 26/06/2026 14:28

Possiblyfamous · 26/06/2026 14:22

We’re reported if we do that and recognise that anything that is connected to my S1 card is down to me and my responsibility. No one on my unit would leave their card in the reader!

No one on my unit would leave their card in the reader!

That isn't how our systems worked. Card reader is required for accessing GP prescription data but username/password for logging in to PC then another username/password to access patient records & another separate log in to path lab system for lab results & another separate log in to radiology system for X-rays, MRIs, CTs etc

DotterOfBendigeidfran · 26/06/2026 14:35

FilmsandBooks · 26/06/2026 12:10

It's not just in high-profile cases, either. Every time you mention it on here, you get people saying staff would never risk their jobs to look at medical records, but they do it all the time.

The number of times I heard the receptionists at my local GP talking about patients when I worked in a cafe as a teen was wild, and I've come across that kind of thing many more times over the years.

I agree. I got taken to a medical appointment lately and the volunteer car driver told me that he was divorcing his wife who is a nurse and she has accessed his medical records and printed them off and handed them to various people in his life.

WTF!

I think this is far more common than we all think.

godmum56 · 26/06/2026 14:39

Did he do anything about it? Apart from divorce her that is?

HRTQueen · 26/06/2026 14:39

NowSober · 26/06/2026 14:13

And you should never be using another persons account

Do you work in a clinical role in the NHS? Do you know how crappy the systems we have to use are? If I had to log in every time I walked up to a PC I would never get the work done because it takes so long. We all leave the PCs logged or work would be impossible.

There is a difference between theory & practise.

Yes I do

I am well aware how crappy they are

And I know the rules and the importance of the rules and why they are put in place, which apparently has bypassed you

catzrulz · 26/06/2026 14:40

Not quite the same, in my LA "high profile" and sometimes children's cases are only able to be accessed by over-riding the system and you have to give a reason for accessing the file.
This is scrutinised very regularly, and was an easy system to implement.

Lifeomars · 26/06/2026 14:41

Oddly in all my years of having access to confidential records (Criminal Justice system, Youth Offending Team and the NHS) and all these roles have included a few high profile cases, I have never had the urge to pry and snoop. Guess I am just a boring principled person who affords to others the privacy I want for myself and my loved ones. I also have enough intelligence to realise that I would get caught. Hope this explains why people don't do this

NowSober · 26/06/2026 14:42

HRTQueen · 26/06/2026 14:39

Yes I do

I am well aware how crappy they are

And I know the rules and the importance of the rules and why they are put in place, which apparently has bypassed you

And I know the rules and the importance of the rules and why they are put in place, which apparently has bypassed you

Me too. Unfortunately until we have new a computer system we just have to muck along with what we have even though everyone knows that we are breaking the rules.

TorturedParentsDepartment · 26/06/2026 14:43

It's not stressed strongly enough in our Trust. I'm very careful - lock my laptop every time I move away from it, make sure I'm only in records with a reason to be (I sometimes sit on meetings where I need to be in and out of patient records not on my caseload - incoming referrals etc - but if I needed to, the meeting attendance would verify why I was in the patient record) and I'm incredibly aware of digital footprints... but it hadn't occurred to a very senior colleague of mine until recently!

And let's face it - the mandatory training we do each year on this is absolute shite everyone just guesses the quiz answers for.

NeverDropYourMooncup · 26/06/2026 14:45

Puzzledandpissedoff · 26/06/2026 14:24

In the case of the Nottingham Trust, I strongly suspect the claimed sackings - which frankly amazed me - had a lot to do with the appalling mess they're in over maternity provision and the need to be seen "doing something"

A family member who works for the local hospital's Information Governance team also informs me that there's a cultural element involved, in that a minority regard the need to "know what their own family members (usually women) are up to" counts for far more than professional requirements, and that with cultural sensitivities being what they are a veil will often be drawn over these

Edited to add there's also a cost element here, in that someone with extensive mediical training will always be much harder to replace than some others

Edited

I suspect that this has come about as part of trying to identify whistleblowers.

DistantEarlyWarning · 26/06/2026 14:52

Error404FucksNotFound · 26/06/2026 13:54

Really?
Fuck me they must be as thick as pigshit then.

Absolutely. I despair.

Isitevensummer · 26/06/2026 14:56

There's a lot of stupid people in the world, and as such a big employer, some work for the NHS. It's fundamentally stupid and plain wrong, and I can't imagine how people think they will get away with it. I also can't imagine why you'd want to do this in the first place.

AutumnLover1990 · 26/06/2026 14:57

They are fully aware of the repercussions if they snooped on patient records and still they did it 😡. They deserve everything they get and I hope they never work for the NHS again 😡

HoppingPavlova · 26/06/2026 15:01

At the end of the day, with a trauma case requiring multi-disciplinary support, 40 doesn’t seem too unreasonable. However, I think the thing is, this isn’t ‘at the end of the day’ but earlier on which does raise a flag. The investigation may find issues, or not.

godmum56 · 26/06/2026 15:06

NeverDropYourMooncup · 26/06/2026 14:45

I suspect that this has come about as part of trying to identify whistleblowers.

who would be trying to identify the whistle blowers in this way? I mean the governance people will know who they are and those accused won't find out by accessing patient records?

MaturingCheeseball · 26/06/2026 15:09

Rather encouragingly, I suppose, is that there are not more of them. Many famous people have “unexpectedly” died, and the Press never rumoured their illnesses beforehand - either medical staff have ethics, or the Press do!

With Kate Middleton, apparently, her notes were under a false name known only to a core few, so those searching for variations of Catherine/Princess of Wales etc were easily apprehended.

NowSober · 26/06/2026 15:10

The Nottingham University Hospitals (NUH) NHS Trust CEO as an aside in a radio interview mentioned that they have over a hundred members of staff under investigation by their respective regulatory bodies. It sounds like a large number but they employ getting on for 20,000 people so who knows?

Askingforafriendtoday · 26/06/2026 15:11

I think the outcome of the investigation will be interesting. Innocent until proven guilty. There will be many, nany members of staff directly involved in this young boy's care

hyggetyggedotorg · 26/06/2026 15:17

igelkott2026 · 26/06/2026 12:25

I wondered if anyone was going to raise this because I've seen threads on here too. For example overbearing MIL who works as GP receptionist and DIL is concerned she can access records about IVF.

The usual response is that you would never do it because you would get sacked.

So I guess people do do it and they do get sacked. You can't do much more than take someone's livelihood away, unless it's such as grave breach that the person gets prosecuted too, but that's usually for things like selling personal information.

DIL can ask for her GP record to be restricted so that only clinicians & usually the Reception Manager can access it.

GeorginaWilby · 26/06/2026 15:32

I'm in the states. This happened over 40 years ago. I was a lab tech at a very small rural hospital in a community of <1,000 people. There were no computers in hospitals back then.

It is very quiet here. We'd only get someone show up at the ER (A&E) maybe once or twice a week at night. I was called in late one night to do some labs on a teenage girl. Long story short, it got weird. Only one RN, a male was on duty. A female RN was called in as there was some chaos. The X-rays images caused the tech to come rushing out into the hallway looking very worried, He called for back-up and the patient ran into a bathroom and wouldn't come out. Once they took the hinges off the door, the on-call doctor asked me to go into the ER with him and the female RN for moral support. The girl,15, had been diabolically sexually abused. The doctor came into my lab for privacy, away from the male RN I guess, to call another doc in the county, at an ER about 40 miles away. It puzzled me at the time. When things settled down and I was wrapping up to go home, the male RN came into the lab and spewed the nastiest gossip about this teenage girl and her family. I was shocked. I'd already forgotten the girl's name.

Next morning I went into work and see several people, some not even working that day, gathered inside the nurses station reading a file. This went on for a while, people, some in street clothes, coming into read that same file and gossiping excitedly. I avoided going to this hospital or clinic for any healthcare after that. I'd travel the 40 miles to the next rural hospital, I still do.

The two hotbeds of gossip in the area are the hospital and school. This is well known. My grandson's mother was psychotic. She was institutionalized for more than 18 months after she gave birth. My son and she divorced and he has full custody of his son. The baby is now almost 4 and has been raised by me and my son since he was 2 months old. We've tried to keep the horrible & sad facts about his mother private, for my little grandsons sake. We're trying to get him into pre-preschool this fall as he doesn't speak, at all. Not a single word. At the meeting at the school, we were told we need to provide his medical records and a copy of the court's parenting plan. These will contain details I don't want everyone in the community knowing. It will become public knowledge because it's pure fodder for the gossipy nature of the people here. We gave a brief summery to the speech therapist of who was raising my grandson. As soon as the special education teacher walked in the speech therapist told her, "The poor little guy only sees his mother twice a month for a few hours of supervised visits". (As if that was maybe the reason he can't talk). I thought, 'Oh shit, here we go'. The school is tiny. Maybe 12 to 14 kids in each year.

godmum56 · 26/06/2026 15:49

GeorginaWilby · 26/06/2026 15:32

I'm in the states. This happened over 40 years ago. I was a lab tech at a very small rural hospital in a community of <1,000 people. There were no computers in hospitals back then.

It is very quiet here. We'd only get someone show up at the ER (A&E) maybe once or twice a week at night. I was called in late one night to do some labs on a teenage girl. Long story short, it got weird. Only one RN, a male was on duty. A female RN was called in as there was some chaos. The X-rays images caused the tech to come rushing out into the hallway looking very worried, He called for back-up and the patient ran into a bathroom and wouldn't come out. Once they took the hinges off the door, the on-call doctor asked me to go into the ER with him and the female RN for moral support. The girl,15, had been diabolically sexually abused. The doctor came into my lab for privacy, away from the male RN I guess, to call another doc in the county, at an ER about 40 miles away. It puzzled me at the time. When things settled down and I was wrapping up to go home, the male RN came into the lab and spewed the nastiest gossip about this teenage girl and her family. I was shocked. I'd already forgotten the girl's name.

Next morning I went into work and see several people, some not even working that day, gathered inside the nurses station reading a file. This went on for a while, people, some in street clothes, coming into read that same file and gossiping excitedly. I avoided going to this hospital or clinic for any healthcare after that. I'd travel the 40 miles to the next rural hospital, I still do.

The two hotbeds of gossip in the area are the hospital and school. This is well known. My grandson's mother was psychotic. She was institutionalized for more than 18 months after she gave birth. My son and she divorced and he has full custody of his son. The baby is now almost 4 and has been raised by me and my son since he was 2 months old. We've tried to keep the horrible & sad facts about his mother private, for my little grandsons sake. We're trying to get him into pre-preschool this fall as he doesn't speak, at all. Not a single word. At the meeting at the school, we were told we need to provide his medical records and a copy of the court's parenting plan. These will contain details I don't want everyone in the community knowing. It will become public knowledge because it's pure fodder for the gossipy nature of the people here. We gave a brief summery to the speech therapist of who was raising my grandson. As soon as the special education teacher walked in the speech therapist told her, "The poor little guy only sees his mother twice a month for a few hours of supervised visits". (As if that was maybe the reason he can't talk). I thought, 'Oh shit, here we go'. The school is tiny. Maybe 12 to 14 kids in each year.

I have said this before on here that before electronic records, there was zero control in hospitals over who saw what. As a health care professional in a national uniform, I could have walked into any local hospital (maybe nationally) and picked up any file I wanted from the trolley and I bet no one would have questioned me. its possible that a white coat and a stethoscope would have had a similar effect. I could have written in that file and signed the note with a fake name. NHS files were often kept in secure warehouses if hospitals didn't have room (and medical records departments needed to be VAST) The file were retrieved and carried to the requestor via a van service. yes the same rules applied about unauthorised access and information sharing but it was impossible to police or control.

TBC99 · 26/06/2026 16:42

Error404FucksNotFound · 26/06/2026 12:39

People are flawed in many ways and often cant be trusted.
Perhaps there should be a change in the system where you have to use a personal code to access a record and check a box to confirm the reason. Might make people think twice.

This is exactly what happens. All staff have a personal log in which is traceable back to them, and you have to enter a specific reason if you are trying to access a record where you don't have permission, because the person is not on your team caseload for example.

The rules are made very clear to all NHS staff, but people are flawed and sometimes do the wrong thing. They pay the price if caught in a random audit.