Help end medical misogyny. Sign our petition.

Help end medical misogyny.
Sign our petition.

Sign the petition

Please or to access all these features

AIBU?

Share your dilemmas and get honest opinions from other Mumsnetters.

NHS staff accessing medical records inappropriately in high profile or tragic news stories.

224 replies

HavfrueDenizKisi · 26/06/2026 12:02

What the hell is wrong with people who work for the NHS and still somehow think it’s ok to voyeuristically access the medical records of patients who have been in the news?

Just read this article about 40 members of staff being investigated over the inappropriate viewing of this poor boy’s medical records. Read a similar article a few weeks back about the medical records of the victims of the Nottingham attack being accessed. Something like 11 people were sacked and 12 given final warnings about that (somehow suggesting it wasn’t their first time doing so).

Surely it is pretty fucking clear when you start working for the NHS that this is Absolutely Not Allowed. Plus it must be clear that there is a digital trail left behind of anyone accessing records. Honestly the mind boggles.

Link to article on BBC:

https://www.bbc.co.uk/news/articles/cvg5kvpdd15o

A uniformed police office stands in front of a bricked barn has a car park outside the front on the left. There is a fence on the right which opens into a court yard and there are signs on the door. There is a police car parked in the car park.

Crocodile attack: Hospital probe after boy's records accessed

Cambridge University Hospitals refers itself to the Information Commissioner over the breach.

https://www.bbc.co.uk/news/articles/cvg5kvpdd15o

OP posts:
rockstarshoes · 26/06/2026 23:09

I don’t get this! People were sacked from Revenue & Customs 25 years ago for using the search system on the computer to look up Post Codes for their Christmas card lists! Never mind looking up how much their friends earnt!
it’s just baffling that people think just because you can physically look at someone’s medical records that it’s ok to look!

tttigress · 26/06/2026 23:14

rockstarshoes · 26/06/2026 23:09

I don’t get this! People were sacked from Revenue & Customs 25 years ago for using the search system on the computer to look up Post Codes for their Christmas card lists! Never mind looking up how much their friends earnt!
it’s just baffling that people think just because you can physically look at someone’s medical records that it’s ok to look!

There are some pretty thick people about. I've worked in different financial companies like banks and insurance.

For the last 20 years or more it has been common for it to be recorded if you look up an account that does not relate to your job. This is particularly relevant for high profile customers.

Kirbert2 · 27/06/2026 00:29

mummypigoink · 26/06/2026 19:20

They’ve referred themselves to the ICO. That’s basically an admission there has been unauthorised access as there’s no reason to report otherwise. It might be that 200 people have legitimately looked at the records. But there’s 40 who had no reason.

As pp said, not necessarily. Hospitals will refer themselves for all kinds of reasons.

NeverDropYourMooncup · 27/06/2026 04:54

godmum56 · 26/06/2026 15:06

who would be trying to identify the whistle blowers in this way? I mean the governance people will know who they are and those accused won't find out by accessing patient records?

The people who are responsible for what has been whistleblown about. 'How did this information get out? Who has access to it? Who sent it to them?'

Whistleblowing can be anonymous precisely because the repercussions can be horrendous for those who do it - and it doesn't have to go to internal Governance departments for that same reason.

In jobs where I have been in a data/tech role instead (I was only a PA for a few years when the kids were tiny), there have been times when I've had a pretty good idea that a request has been made in order to find out who has told a regulator or external body rather than anything benign. During one of these (that made the NoTW), the request led to discovering criminal activity entirely unconnected to the breach.

Womblingwombats · 27/06/2026 16:44

I was affected by a very difficult data breach at the same hospital. The doctor (who used the information in a deeply malicious way) was given a verbal warning by the Trust. We found this out a few years after the event. We were treated terribly. I’m a strong believer in the importance of data sharing across the NHS but sadly find it very difficult to ever speak to my doctor about anything sensitive, e.g. mental health these days. It feels like an open diary and I’ve stopped my records being shared sadly. Unfortunately the ICO only prosecute a couple of cases each year so the laws are pretty much meaningless.

igelkott2026 · 27/06/2026 17:04

I worked for an organisation that was involved in a high profile investigation of a celebrity. I am sure quite a few of us were tempted to do a search on the system for the report, but wouldn't be that stupid. Some of it was reported by news outlets anyway - legitimately,

igelkott2026 · 27/06/2026 17:09

But people's natural nosiness and desire to gossip is why I am always cynical about the parent helpers in school. People try to say they don't gossip about the children once they go to their coffee mornings or mums nights out or whatever. Yeah right.

igelkott2026 · 27/06/2026 17:14

Backedoffhackedoff · 26/06/2026 14:00

you're all so pious 😂 I would 💯 want to do this if I had this sort of job and the only thing that would stop me would be fear of being caught. Im nosy as hell and love knowing about secret things.

That's MNers for you. Never put a foot wrong, never break the law. Except that they do as soon as they park on zigzags, speed or leave their engines running for the aircon when waiting for their kids to come out of school. I bet quite a few smoke illegal drugs. But that's all ok, but they feign faux shock at the fact that people might be nosy.

Meanwhile, in the real world most of us don't do (more minor) things because we are scared of being caught and the consequences.

DejaMooo · 27/06/2026 17:22

It’s an issue in police forces too. I have a police staff job and during my induction had training on this exact thing. They routinely audit the system for it. I don’t remember the figures but in the training it said how many officers/police staff were disciplined/sacked for accessing people’s records when they had no operational need to, and it was a lot. Pretty certain I never would nosey anyway, but good to know they do this and take it seriously. I’ve often wondered if they audit staff members individually or do it on high profile cases, or both I guess.

LoudLemonCrab · 27/06/2026 17:27

“Something like 11 people were sacked and 12 given final warnings about that (somehow suggesting it wasn’t their first time doing so).”

Final warning doesn’t necessarily mean repeat behaviour. It’s just the most serious stage of warning available before you sack someone.

WearyAuldWumman · 27/06/2026 17:31

smallglassbottle · 26/06/2026 12:07

I agree, but it's naïve to rely on people to do the right thing. Even healthcare workers can be scumbags and indulge their morbid curiosity. There needs to be tighter controls over who can access these things.

We had a similar situation in Fife, only the guilty parties were Social Workers.

The head of the children's division of social work later resigned, but said that it was unconnected with this and that he was following his vocation as a pastor.

https://www.thecourier.co.uk/news/fife/235802/fife-council-workers-sacked-after-inappropriately-accessing-mikaeel-kular-files/

Fife Council workers sacked after inappropriately accessing Mikaeel Kular files - The Courier

Several council workers in Fife were sacked for accessing confidential social work files surrounding the tragic Mikaeel Kular case, it has emerged.

https://www.thecourier.co.uk/news/fife/235802/fife-council-workers-sacked-after-inappropriately-accessing-mikaeel-kular-files/

Stelladid · 27/06/2026 18:05

Most medical records have been computerised for a couple of decades now. Each member of staff have their own login. If a patient isn’t on a clinician’s or nurse’s caseload, they have to enter a reason from a drop down menu indicating the reason for access. These instances are reviewed and anyone doing this without a genuine valid reason for access, will be dismissed for gross misconduct. I am surprised there were so many idiot staff members in this case, but you will have read about it because the system worked. Before I retired, we had a couple booted out for accessing Paul Gascoigne’s records.

Orangebadger · 27/06/2026 20:02

lovecotswoldsliving · 26/06/2026 12:09

In schools only a very few members of staff can access any medical events.
why is this not the case in the NHS?

Because it’s a healthcare service not at educational one?!

Merida46 · 27/06/2026 20:05

This should be a sackable offence!

godmum56 · 27/06/2026 20:27

Merida46 · 27/06/2026 20:05

This should be a sackable offence!

it is

SemiRetiredLoveGoddeess · 27/06/2026 21:01

These people should be named and shamed and given conditional suspended prison sentences.

It should be a crime for any NHS or government worker to do this sort of despicable practise.

ElectricLegs · 27/06/2026 23:00

As far a "nosey middle aged women" being pointed at as the main offenders, the NHS authority I worked at had an 85% to 15% staff ratio female to male.

You were told to always use your specific login to access the Patient Management System. Also never to allow someone to use your computer when logged in as changes to the patient record would be logged under your name, which could lead to repercussions in the future.

All access to the system left an audit trail of every keypress, every opened and/or modified patient record. I don't know how often the audits happened, but everyone knew the rules: don't access any patients record unless you have official reason to do so. Not even your own.

My attitude was that it was none of my business what other people were 'blessed' with. Luckily I did not need to know the patient's name in my role. I used to just use their patient ID, a unique 'random' number that was assigned to each patient when they joined a GP Practice. My job was to provide reports based on that aggregated data. I didn't even know my own patient ID, and never looked at my own record.

If we ever wanted to change a patient record we had a number of Dummy Patients, whose fictitious records we could practice on. The dummy patient system was what was used to train staff on the software, rather than on live patient data.

My experience was that the staff was very professional. Very committed to the patients' privacy. Our system had an extra layer of privacy where a patient could ask that the only person who could access their medical record was a GP. The system would not allow anyone else to see that record.

AlwaysHungry123 · 27/06/2026 23:40

I lived on the same street as one of the top British artist. The health visitor that came to see my newborn told me that the artist refused any health visitor and was suffering from severe PND. I can’t believe they just feel that can gossip about the celebrities just because they’re celebrities.

Stelladid · 28/06/2026 00:28

Merida46 · 27/06/2026 20:05

This should be a sackable offence!

It is. It’s gross misconduct.

Coolclouds · 28/06/2026 06:46

Yes it does leave a trail. I think there needs to be more restrictions in place. People are nosy and shouldn’t be doing that job if they breach confidentiality. The child’s name has not been released so it’s clearly people connected to the hospital or local area.

Kirbert2 · 28/06/2026 09:56

Coolclouds · 28/06/2026 06:46

Yes it does leave a trail. I think there needs to be more restrictions in place. People are nosy and shouldn’t be doing that job if they breach confidentiality. The child’s name has not been released so it’s clearly people connected to the hospital or local area.

Edited

Some people do have a lot of medical professionals genuinely needing to access their medical records though. I'm not sure I'd want to make it more difficult for them just because some people are nosy and might break confidentiality rules.

Gherkinslice · 28/06/2026 12:03

Purplecatshopaholic · 26/06/2026 12:07

Where I worked it was crystal clear you do not access anyone’s records you don’t have a need to do so for work purposes. It was recorded who looked at what, audited very strictly, etc. We dismissed people who breached that. I am gobsmacked how many people seem to do it, but I guess sometimes voyeurism wins out!

It depends where you work and if anyone actually does monitor it. I worked at a GP surgery in a large but rural village, and saw admin staff regularly access patient's records to gossip. I feel fairly sure they did it with mine too (no other practice anyone could join) as there was a strange topic of conversation raised one day hinted about something deeply personal to my past. I didn't work there long, they were toxic, but i often wonder every time i still have to go there whether they are still entertaining themselves

Purplecatshopaholic · 28/06/2026 12:06

Gherkinslice · 28/06/2026 12:03

It depends where you work and if anyone actually does monitor it. I worked at a GP surgery in a large but rural village, and saw admin staff regularly access patient's records to gossip. I feel fairly sure they did it with mine too (no other practice anyone could join) as there was a strange topic of conversation raised one day hinted about something deeply personal to my past. I didn't work there long, they were toxic, but i often wonder every time i still have to go there whether they are still entertaining themselves

Bloody hell Gherkin, that’s genuinely shocking.

SummerPunch · 28/06/2026 12:07

It's probably always been done but now gets found out due to computerised records.

SerendipityJane · 28/06/2026 13:06

SummerPunch · 28/06/2026 12:07

It's probably always been done but now gets found out due to computerised records.

Not only is it possible, but it is mandated for financial organisations. They are required to implement processes which can report on who accessed what, when and where from.