A hospital trust in Cambridge has launched an investigation into up to 40 members of staff who are feared to have inappropriately accessed the medical records of a three-year-old boy, Sky News has reported. Under the rules governing patient confidentiality, NHS staff should only view someone's records if they are directly involved in treating them or if the patient has given consent, making the suspected scale of the snooping in this case especially serious.
What makes the episode all the more striking is that the alleged breaches appear to have carried on despite an explicit warning. According to the broadcaster, a memo had been sent round to staff at the Cambridge hospital telling them not to look at the file, after five members of staff had already been sacked for accessing the records. Even with that warning in place, an investigation is now under way into the further suspected breaches.
The records at the centre of the inquiry relate to a three-year-old boy who ended up in a crocodile enclosure at a zoo in Cambridgeshire. In connection with that incident a man was arrested and later released on bail, with police saying he had been deemed not fit for interview. The case drew intense public attention, which appears to have fuelled the temptation among some staff to look at material they had no clinical reason to see.
The matter has now reached central government. A spokesperson for the Department of Health and Social Care said the department was urgently looking into the issue in order to prevent it from happening again, a sign of how seriously ministers are treating repeated failures to protect confidential patient information held within the health service.
As the case escalated, the trust at the centre of it, Cambridge University Hospitals, confirmed it had referred itself to the Information Commissioner's Office and said it takes data breaches seriously, while the young boy continued to recover in hospital from his injuries. The data watchdog said it had received a report from the trust and was assessing the information provided, stressing that patients need to be able to trust that their medical information stays available only to staff who genuinely need it, especially when a child is involved.
The Cambridge investigation is far from an isolated example. Sky News noted that only last month 11 members of staff in Nottingham were sacked for inappropriately accessing the files of victims of the Nottingham attack, one of two recent incidents in which workers were found to have looked at the records of high-profile victims without any legitimate reason to do so.
In the second of those cases, an NHS trust in Liverpool said it was aware of almost 50 members of staff who may have accessed files relating to the Southport attacks. Taken together with the Nottingham sackings, the figures point to a recurring pattern of curiosity overriding the strict duty of confidentiality that staff are bound by.
That repetition has prompted a broader worry, with the correspondent reporting concern that unauthorised access to sensitive records may be a wider cultural problem across the NHS rather than a series of one-off lapses. The strength of the statement from the Department of Health and Social Care reflects that anxiety, as the health service faces renewed questions over whether it can guarantee that the most sensitive details about patients, including children, remain seen only by those entitled to see them.