Active discussions

Meet the Other Phone. Only the apps you allow.

Meet the Other Phone.
Only the apps you allow.

Buy now

Please or to access all these features

Talk
Legal matters

Mumsnet has not checked the qualifications of anyone posting here. If you have any legal concerns we suggest you consult a solicitor.

Original poster

NHS Data breach - child and I

17 replies

eltonjohn321 · 07/04/2025 15:23

Received two separate letters addressed to myself and child who is a minor today. Saying our patient records were accessed and breached by an individual who should not have been looking at them. Internal investigation, and a police number. Don’t suspect gangs etc.

I feel sick. We have different last names ( I’ve still to change to my married name) so they may have seen it on one file but it seems coincidental.

What do I do next? FOI for further information- what data, when etc ? Do I contact someone legal given it’s a breach of data protection laws and was only found due to an audit? Do I claim? All they’ve given is a sorry.

OP posts:
Whyherewego · 07/04/2025 15:27

Well it's good they've proactively contacted you but I'm confused why they haven't given any advice regarding follow up. I'd want to know when the investigation is due to complete and what it found. I don't think a lawyer will do much good until you have more information

Original poster
eltonjohn321 · 07/04/2025 15:35

All it’s says is if you want to discuss the letter to contact the patient experience team. So now I have to be proactive…

OP posts:
AnticleaAndLaertes · 07/04/2025 15:42

eltonjohn321 · 07/04/2025 15:35

All it’s says is if you want to discuss the letter to contact the patient experience team. So now I have to be proactive…

Contact them surely?

ohnowwhatcanitbe · 07/04/2025 15:48

eltonjohn321 · 07/04/2025 15:35

All it’s says is if you want to discuss the letter to contact the patient experience team. So now I have to be proactive…

You've asked in your OP what to do next. Well contact the patient experience team first then, before anything else. They are literally telling you what to do.

Original poster
eltonjohn321 · 07/04/2025 15:53

Yes I’ll email them.

OP posts:
Whyherewego · 07/04/2025 19:06

eltonjohn321 · 07/04/2025 15:53

Yes I’ll email them.

Email and ask when is the investigation likely to conclude. Will the findings be shared with you as data subjects and if not, why not. Have they referred this to the ICO and what is the reference?

Original poster
eltonjohn321 · 07/04/2025 19:14

@Whyherewegoim currently awaiting legal advice via my EAP but have compiled a list of questions some of which are included in your response so thanks.

OP posts:
CatRescueNeeded · 07/04/2025 20:00

Do you know anyone that works in a medical facility and might have looked up your files deliberately?

Catsonskis · 07/04/2025 20:12

So our trust and I believe others have a thing where if your name is bob smith and you search for bob smith, Jane smith, Jenny smith jr and Jonny smith junior for example, you will flag as part of a potential breach (as you shouldn’t be searching your own records or family members records). This will then be investigated to see if it was appropriate, for example there’s tonnes of smiths and you might by booking legitimately Jane smith for a an appt you have no relation to but your job it to book patients to x clinic. Similarly post codes (so you can’t snoop on house hold members/neighbours, staff names flag up, celebrities etc).

if you are found to have a good reason for searching or doing anything such as booking appt for any of those, the finding is just filed away. But if it’s found bob smith was searching randomly for Jane smith and has no need to be looking at Jane smiths record, it gets heard at an internal panel and the patient informed.

hate to jump to conclusions but given you and your child with different names have both received letters, sounds like someone who knows you or your child, or your house hold has searched for your records inappropriately.

yes ring pals and follow through with their procedures if you want further information. It is very much a sackable offence from work and I’ve been on more than one panel discussing this.

Hope you’re ok

WorkCleanRepeat · 07/04/2025 20:51

This sounds very much like somebody is about to be sacked for gross misconduct!

I'd contact the patient experience team with your questions.

Original poster
eltonjohn321 · 08/04/2025 08:58

So I am aware of people who I know that work in NHS, none have recently left. The letter says they looked at the data out with their work duties and that they shouldn’t have. It says they now no longer work for NHS ‘XX’ but as my husband pointed out does that just mean our local NHS and they could be in another region. It doesn’t state if this incident was in a hospital or at our GP practice ( one of the questions on my list).

I am absolutely not ok with this, it’s causing distress as to what data was breached and could be used maliciously for both I and my child. I’m away to chase EAP as they never called back last night.

OP posts:
Original poster
eltonjohn321 · 08/04/2025 09:00

Ironically we have to go to hospital today for an outpatient apt for our child and the consultant has no beside manner so I am not in the best of moods!

OP posts:
RosesAndHellebores · 08/04/2025 09:02

What exactly might they find out? If Joe Bloggs now knows I have osteoporosis and DH high blood pressure and DD ADHD and has needed AD'S for a long time, and we all live at Bear House, Framlingham, it wouldn't be an issue for me.

Original poster
eltonjohn321 · 08/04/2025 09:25

@RosesAndHelleboreswhy would I answer that on a public forum.

OP posts:
vipersnest1 · 08/04/2025 10:42

RosesAndHellebores · 08/04/2025 09:02

What exactly might they find out? If Joe Bloggs now knows I have osteoporosis and DH high blood pressure and DD ADHD and has needed AD'S for a long time, and we all live at Bear House, Framlingham, it wouldn't be an issue for me.

So that means it shouldn’t be an issue for anyone? 🙄

Whyherewego · 08/04/2025 13:35

eltonjohn321 · 08/04/2025 08:58

So I am aware of people who I know that work in NHS, none have recently left. The letter says they looked at the data out with their work duties and that they shouldn’t have. It says they now no longer work for NHS ‘XX’ but as my husband pointed out does that just mean our local NHS and they could be in another region. It doesn’t state if this incident was in a hospital or at our GP practice ( one of the questions on my list).

I am absolutely not ok with this, it’s causing distress as to what data was breached and could be used maliciously for both I and my child. I’m away to chase EAP as they never called back last night.

You can ask what specific data was seen and who looked at it.

NeedToAskPlease · 03/05/2025 21:10

Have you managed to get to the bottom of this?

New posts on this thread. Refresh page
Swipe left for the next trending thread