My “friend” looked at my medical record.. Question for anyone who works in a NHS hospital

[AdviceNeeded3282]

As the title says. A friend of mine who works as an admin in the back office of a hospital has access to patient medical records/information. One night out she openly admitted that she has looked through people’s medical records?!?! (My guess is it’s all computerised). I was gob smacked to say the least. She found it funny/said it was interesting then realised I was angry. She openly admitted she has looked at all of our (close friends) records. My guess she has looked at my DH’s and anyone she is friends with? Anyhow about 2 years ago I went to my GP as I was suffering with depression which I told NO ONE about. This was at my doctors, not my hospital. Are all the systems linked ???? I do not want her knowing my private business like this. Before you say you should report her, I am not going down that road.

What can and can't be accessed is complicated.

So for example, I am currently accessing 3 services within a community trust

When I access one, information about contact with the others appears, so if you work for that Trust those records would come up.

If you were working for one of two different Hospital Trusts and searched me record of my contact with Women's Health Services would appear

In the case of mental health, if this was only dealt with by your GP, and she doesn't work for that GP she wouldn't see it, unless you were referred to a secondary mental health trust provider for services and she works for them, some mental health trusts have now branches into physical health services.

There is no magic google that lists your contact with every different service ever unless it's your GP.

In any case you absolutely need to report this @AdviceNeeded3282 she has admitted that she has done this to everyone she knows for shits and giggles and you don't know what's on everyone else's list that they deserve privacy for because that's what privacy is - she could seriously compromise someone's personal life through this. It's a sackable offence and they deserve to be sacked

Q

X posted with OP

Dont shoot the messenger for god's sake.
why should anyone be disgusted with op

your GP records arent accessible at the hospital op.
she is a very silly person to do this.

That's disgusting. Report her.

Call the hospital and ask to speak to the data quality team. They will listen and take your concerns seriously and will guide you in how your concerns will be logged and dealt with. Given that she admitted it openly I doubt it would be the first time they have said something like this in company so a complaint could have come from any one not just you.
I cannot stress enough about how serious a matter this is, (and all staff know that) and from your post does not just affect you.
I'm sorry you have been put it this position but you know what the right thing to do is.

Hmm well if her job is to input data, it is unlikely she would be given the authority to read electronic records. Computerised systems restrict access based on roles. Non clinical staff have limited read options and even clinical staff will be restricted. Ok some people have fairly wide access but it is unusual that a data entry clerk could have generalised access to read patient records. Because they have no role in actual clinical care, like say a paramedic.

So maybe the friend is bullshitting. Not sure why the OP has gone coy with the line, “it happens a lot”. Is somebody, with a bee in their bonnet about data protection, trying to make a point ?

I would be deeply upset. If it were me I would make a formal complaint. There are things I have discussed with my gp that nobody needs to know about. I feel angry reading this.

Glad you’ve changed your mind after the past hour of reading people’s posts. I suspect you knew all along what to do, have faith in yourself!

Moonshine86 don’t allow an anonymous post on a forum to get you angry: not everything you read is true anyway. There are procedures in place to avoid people abusing their trust like this, and the majority of people are honest enough that if they found out about someone doing this they’d report immediately without even a second thought.

Sorry I think my ultimate point was with regard to this friend depends entirely on who her employer (Trust) is

If it's say Local General Hospital Trust

She's got stuff like A and E visits, consultants you're under, admissions, operations that level of thing

If it's a community trust

She's got things like

Weight Loss Clinic
Smoking Cessation Clinic

Lower level things

Which doesn't make it better at all, just gives you a better idea of what she's seen if you know where she works and who employs her.

I will report anonymously- I wonder what they will look at to establish patients she was supposed to look at compared to friends files.

I’m so pleased you are reporting this. As she has now told you abo thus she has dragged you into it and if you say nothing you will be covering up for her.

It doesn’t matter that she a Bank member of staff, any access to the electronic patient notes leaves an audit trail.

She definitely needs reporting. Glad you are going to do the right thing.

I don't know why anyone would risk this, you're sacked on the spot for this. It's also not your right to snoop, how would she like it if it were her family?

I can do this at my place of work, I never ever look at anyone's I don't need to. I'd absolutely get sacked for this. Report her.

Well they will probably ask for a reason for each person she accessed op.

I don't know why anyone would risk this, you're sacked on the spot for this. It's also not your right to snoop, how would she like it if it were her family?

Well the very fact that she’s even telling everyone she does it would indicate that she ain’t the sharpest tool in the operating theatre.

The system notes which files have been accessed and by whom. She will be picked up by internal audit. If she is looking at paper files you should still report her.

The hospital will have some system for reporting complaints just use it. They will investigate and how they investigate is best kept confidential so they can catch people.

What weird priorities.

This is an absolute no-no in NHS admin terms and your 'friend' will absolutely know that. It's a disciplinary offence and she may well lose her job if it can be proven she is a repeat offender.

If the records are electronic they are much more secure as she will be restricted as to what she can access dependent upon her job role. In an admin role she would be unlikely to be able to see detailed medical notes. The electronic systems also have a full audit trail so every time someone reads or edits a record this is recorded against their personal user log in. It is very easy for those with the correct access privileges to view a log of activity either by user or by patient.

She will not have been able to access the GP records. They are not linked in the way you assume at all. Some hospitals are able to access GP records in A&E but only some and only by clinicians in emergency situations.

However it is my no means certain that she has accessed electronic records as such a huge percentage of NHS Trusts are still totally reliant on paper based medical records. If she has been accessing the paper medical record files of her nearest and dearest then it will be much harder to prove.

Please report her she has done something very wrong.

Followed the thread and it's good to see that you've decided to do the right thing. You can do so with a clear conscience.
You state that she isn't permanent staff - works for Staff Bank. That could be your starting point. If you're really anxious about it - do it anonymously. Look at the Hospital website for details. Either a direct phone call or letter, with relevant details/information.
As other posters have said - the consequences are 100% her own fault.
She is unfit to be employed in such a position of trust.

Thank you for agreeing to report her. If it were me, I'd google the most relevant number I could find when I typed in information governance and her nhs trust's name call them - withold your phone number if that helps put your mind at rest, and tell them that you're external and would like to report to them your concern about a data breach. Tell then roughly what you've told us - that a friend was boasting in the pub about accessing friends records without good reason - and ask them whatever you need to reassure yourself about how to go about reporting this to them confidentially. They should be able to reassure you. Then give them facts. I suspect they can make it look like a standardised random check that they do on everybody, and they're investigating her because something automated threw up a question on her account.

I feel sick about the idea that people I know within the nhs could be looking up my data when they have no valid work reason to do so. Like you I've got mental health stuff on my record that I do not want dragged up from the past, and I don't want people who don't need to know, knowing even stuff like my weight or smear test results. It's a gross abuse of trust, and if she's merrily telling you with no shame, then what (and who) else is she merrily gossiping about to others? I'd have no hesitation reporting a person who told me that, you're not losing her her job, she is. What you are doing by reporting her is helping to protect other people and their data in the future. I would just do it quietly without telling your other "mates" who don't see the problem, and deny all knowledge.

The computer system logs who has check your info. Patients are entitled to see that list. Only staff necessary to the treatment is allowed to check the information.

It's gross misconduct and she will and should be sacked. To others who have said that they know of similar behaviour but have no proof - you don't need proof. Electronic record systems record who has accessed which patient records and when. I would provide a list of names she has told you she has accessed and the date she notified you of this. You don't have to identify yourself. It's very wrong and she knows it's very wrong. Training makes it absolutely clear to staff just how wrong it is so she has done this knowing exactly how serious it is.