My “friend” looked at my medical record.. Question for anyone who works in a NHS hospital

[AdviceNeeded3282]

As the title says. A friend of mine who works as an admin in the back office of a hospital has access to patient medical records/information. One night out she openly admitted that she has looked through people’s medical records?!?! (My guess is it’s all computerised). I was gob smacked to say the least. She found it funny/said it was interesting then realised I was angry. She openly admitted she has looked at all of our (close friends) records. My guess she has looked at my DH’s and anyone she is friends with? Anyhow about 2 years ago I went to my GP as I was suffering with depression which I told NO ONE about. This was at my doctors, not my hospital. Are all the systems linked ???? I do not want her knowing my private business like this. Before you say you should report her, I am not going down that road.

Well done for deciding to report her, OP. I agree with above, they will ask her to explain why she searched for every person.

Before I got my job in mental health I worked in an outpatient clinic and I could access all records (I needed to) So, just because she's admin I wouldn't assume she can't access all areas.

Thank you for deciding to report her OP, I promise it's the right thing to do. If you yourself had been the victim of sexual assault or domestic violence would you want your friend snooping to find this out for her curiosity or amusement?

For what it's worth I'm an NHS employee and one of the secretaries that I used to work with in a neighbouring team used to freely admit to looking up her children's friend's records and their parents just to get gossip. She was reported, but whilst they were investigating I required a sensitive operation. I made the choice to go private and pay nearly £2500 to do so (not easily affordable for me) as I knew if I'd gone through the nhs this secretary would have looked me up and spread gossip in an instant. Your friend is not treating other people with the respect or privacy that we all deserve as patients. In reporting her you're doing the best (and ethically responsible) thing to protect others and to educate your friend that this is not acceptable in any way shape or form.

She's put you in an awful position OP and her behaviour is disgusting.

I am aware of a similar situation in a govt department and internal governance were apparently easily able to identify unauthorised access to records. We were supposed to report accessing records accidentally (reference slightly wrong etc) as any access without a clear business need (appointment/letter/test results) is an unauthorised access.

I know you don't want to get your friend in trouble but this really is such a huge betrayal of trust and confidentially.

I’m glad you’ll be reporting her. I recently requested my medical records and was surprised and a bit embarrassed that a summary of my medical history (including intimate gynae issues) were included with referrals to other services.

It’s very easy for them to check what she had been accessing.

Medical records have tight security, a digital record is kept of who accesses them and when. The fact that she accessed records she had no need to is a serious issue, let alone accessing the records of friends for her own benefit.

She deserves to be sacked.

She’s a troll op.

Disgusting behaviour to look in the first place, what on Earth is she getting out of it? Tittilation? She’s getting PLEASURE from finding out tasty bits of gossip about her friends. And what’s worse is she’s then telling you all and letting you sweat. Who in the name of holy good fuck behaves like that unless they are emotionally abusive fuckups???

So you were worried about seeing your go about depression once. Imagine one of you other friends has even more severe mental health complaints, attempted suicides in their past they’ve never told anyone? Or had to be treated for sexual health issues after being assaulted? Or had terminations they’ve never told anyone about.. friends who t family or even partners, And now they know that this woman knows? They’ll be beyond upset.

Report her anonymously and wash your hands of the whole thing in good conscious. She’s dangerous and her behaviour is dangerous on a personal and social level.

Fair play you have made a good decision and ultimately reduce the chance she may do this again in the future.

I am a manager in the NHS and this is very clearly known by all staff as gross misconduct. All NHS staff have yearly information governance training and know full well this is a breach of confidential information. If they are electronic records she will be caught easily when you report her as you can audit records

I have put restrictions in place on some of the systems I use to stop this happening (so people can book an appointment but can’t get into a record) as it’s on a ‘need to know basis’

This will be seen as a very serious offence and IMO she will be terminated of her employment for it.

If you feel guilty then just remind yourself she knows this is wrong and did it anyway. She’s not your friend

It depends what system she has been accessing as to what she can see OP. I work with GP and community electronic records so essentially we can see a lot, but not records from the local hospital unless they use the same system as well - although contains letters from the hospital.

It’s not the point what she saw the fact is she should not have done it

And meant to add as well that she’s told you and laughed about it to giver herself validation that you all actually don’t mind. Now that no ones stormed off and told her what a duck she is or called her out on it OR REPORTED HER she’s had confirmation that it’s fine and actually she’s been given permission to continue and possibly escalate it. Next time she tells you all about it it might well be a specific thing that she’s dug up, she’ll be thinking she’s a valuable source of information... did you know that xyz has genital herpes she’s been getting treated for years??? Hilarious.....

NHS hospital systems and GP databases are not linked in that way, any spots you have had for hospital treatment. Bloods etc will be on there. She has broken the rules, I work for the NHS and you are not allowed to search for info regarding friends, colleagues and family. It is a info governance breach and she can be tracked on the system she is using. She may not realise this. I would go direct to PALS and complain, give them her name and she will be disciplined....suspended during investigations. Your friendship is over now she has done this, and when you report her that will be it but ...she should not be working in the NHS. I would never search anyone I know on the systems....it's just not right and frankly makes me feel ill and disgusted with her.

Also op please don't feel ashamed about depression, you've nothing to be ashamed of at all, your friend on the other hand does.

Thank you for doing the right thing.

@Stormy76

You can’t know that. I work with SystmOne and more and more hospitals now have access to this which contains all your GP records and community records, although this might be a Summary Care Record this still lists medications which can be a giveaway for a condition. It depends which department you are working from as to your access levels and rights. Not all Trusts or managers are as on the ball as others - recently I realised I had given the wrong RA code to a few people who had higher access rights than others and had to go back and change them all. Also there is STILL a lot of log in swapping rife in NHS, where people use other people’s log on instead of obtaining their own (pathweb for example is bad for this)

OP I'm a medical secretary working in a GP practice and can confirm that hospital and GP records are separate so hospitals can't view detailed GP records unless they specifically request them. There is something called the summary care record however which will just contain a list of a patient's past and present problems which both hospital and GP can view.

Your "friend" is an idiot and shouldn't be doing her job if she's so cavalier about patient confidentiality. What she's doing would cause her to be dismissed instantly.

@pookiedo yes there are more links up with records but not every service has that link and not every person has all the access. I am a Secretary in the NHS and I know for a fact that we do not have the link to the GP, we are Mental Health. So in that I am correct, it is different on the general side but as far as I was aware a summary record with referrals and medication , brief information is provided only if people have given permission.

You are correct that there are breaches taking place every day, login issues causing a lot of the login sharing and it is wrong but this particular issue with someone going out of their way to find out info about friends is a complete breach. We all know that it is not allowed and OPs friend should be disciplined and will be sacked once the investigation concludes.

I know you don't want to report but think that you have too. If she can access your gp (unlikely) would it put you off seeking treatment for certain conditions in case she could read about it.

Please follow through and report her.

What she's doing is incredibly wrong and violating. It really is.

Please report her, that's very violating and concerning.

No they aren't linked. A hospital record is forwarded onto your GP and put on your main record, but a hospital can't access your GP records as far as I'm aware.

They can. They can see your summary care record!

Also if you go to an appointment even on paper records they will take your medical history. As a patient I was having a medical procedure and had to give in depth medical history which was all written down. You also do not always see what a GP sends in a referral letter, this usually relevant medications and your medical history. The lack of sharing information has been highlighted in the 5 year plan and a lot of Trusts are joining up to share. My Trust has SLA with mental health Trusr and admin have log in to Paris. This is ‘read only’ but the Trusts are all looking for better ways to share data

I'm ex NHS, like many posters here.

Systems vary around the country, as you can see from the comments.

What doesn't vary are the strict rules around confidentiality. She will know that she's wrong but she doesn't care because she's getting away with it.

Can I just add my support to the many voices saying that you really must report her. It's a harsh lesson, but it will send a really strong message to other people as well, who may think it's ok if she does it.

And my support to you too, do contact the Trust, they will take it seriously.

SystmOne has just launched EMIS interoperability. The way that Trusts, social care etc connect is changing a lot
You can’t blanket this in one statement that you can’t see things because you really don’t know that

Sorry OP. For these reasons it’s even more important to report because they could have gaping wide holes in their systems and they need to know about it

They should encrypt patients' names do that it's just numbers that people have access to. That would be confidential?

They shouldn't go to the expense of encrypting names just because some people betray trust.

My no contact DM. We moved house, ex directory. She found us through a good friend who worked for the NHS. I was so mad when she told us.