The confidentiality of NHS medical records has been thrown into doubt after a “stalker” hospital doctor accessed and shared highly sensitive information about a woman who had started dating her ex-boyfriend, despite not being involved in her care.
The victim was left in “fear, shock and horror” when she learned that the doctor had used her hospital’s medical records system to look at the woman’s GP records and read – and share – intimate details, known only to a few people, about her and her children.
“I felt violated when I learned that this woman, who I didn’t know, had managed to access on a number of occasions details of my life that I had shared with my GP and only my family and very closest friends. It was about something sensitive involving myself and my children, about a family tragedy,” the woman said.
The case has prompted warnings that any doctor in England could abuse their privileged access to private medical records for personal rather than clinical reasons.
Sam Smith, of the health data privacy group MedConfidential, said: “This is an utterly appalling case. It’s an individual problem that the doctor did this. But it’s a systemic problem that they could do it, and that flaws in the way the NHS’s data management systems work meant that any doctor can do something like this to any patient.
“If you’re registered with the NHS in England, this could happen to you.”
The Guardian has chosen not to name either the victim or the doctor, who is a consultant at Addenbrooke’s hospital in Cambridge.
The woman was initially baffled how the medic had come by very personal information about her, her sister and her children that the doctor had then relayed to her ex-boyfriend in the early stages of his new relationship with the woman last July.
“The doctor said that she had got it from friends, or from people in her choir or parents at my children’s school. That left my sister and I wondering if some of our close friends had betrayed us as we knew that only a few people knew those details. She had an unhealthy interest in us.”
The mystery was solved when at her request Addenbrooke’s gave the woman a detailed audit of all its staff who had accessed her medical records. It showed that the doctor had accessed her medical records seven times during August and September last year. On three occasions, the medic first accessed Epic, Addenbrooke’s own hospital medical records system.
She then clicked through to a different records system called GP Connect, which contained detailed notes of conversations her former partner’s new girlfriend had had with her GP about the painful impact of the tragedy and the health of one of her children.
On one occasion, the doctor, whom the woman did not know and had never met, rang the victim, asked her name, gave her name and then hung up. The victim assumed it was a deliberate ploy by the medic to show that she had gained personal information about her. “It’s normal to be jealous when your ex gets together with someone, but the doctor’s behaviour was upsetting.”
Addenbrooke’s initially denied it was possible for its staff to access GP Connect through Epic. However, in a meeting with the victim Dr John Firth, its deputy medical director, did acknowledge that her full GP records were available. Michelle Ellerbeck, its head of information governance, later emailed the woman to thank her for showing them that it could be done, in case “this enquiry ever comes up again”.
Dr Nicola Byrne, the NHS national data guardian for England, advises it how to keep patients’ information safe and use it properly. She said she was “concerned at the seriousness of the allegations” when the patient wrote to her detailing the unjustified intrusion into her medical history.
Byrne criticised the doctor’s behaviour as “absolutely unacceptable” and sought to reassure patients who may be worried by the incident by stressing that it was the first time she had heard of a medic breaking the rules on the secure handling of a patient’s medical records in order to gather information about them. However, she left open the possibility that others may be doing the same.
“Breaches of confidentiality are absolutely unacceptable. All clinicians should take their professional duties and obligations very seriously. And, given that no case like [this] has ever come to my attention before, I trust that most do,” Byrne said.
skip past newsletter promotion
after newsletter promotion
However, Smith said inappropriate access to records has existed for some years and that he knew of two similar cases of what MedConfidential called “the creepy single doctor problem”. Both involved male doctors, one at Addenbrooke’s and the other at a London hospital. In each case, the doctor told a woman on a second date that since they had first met, he had accessed her medical records in order to find out more about her, including health issues she had already mentioned.
“Both the women were unnerved and unsettled and couldn’t believe it had happened,” Smith said.
Cambridge University hospitals (CUH) NHS trust, which runs Addenbrooke’s, said it had disciplined the consultant but declined to specify what action it had taken, citing the need to protect staff confidentiality.
“We take the security of our patients’ information very seriously. To maintain confidentiality, we cannot comment on the details of this case. But we can confirm that it was fully investigated in line with the trust’s disciplinary policy and appropriate action taken,” the trust said.
“We have met with the patient to apologise and discuss their concerns and we are extremely sorry for the distress caused by this incident,” it added in a statement.
The woman said she was deeply frustrated that neither the police nor the information commissioner had taken any action after she complained that her right to privacy had been breached and that the doctor had broken data protection laws and also that CUH would not tell her what sanctions it had imposed.
Cambridgeshire constabulary said the woman had reported that she had been harassed. However, “an investigation was conducted and was filed due to lack of evidence”, a spokesperson said. The information commissioner said it had no power to help the woman and that it was CUH, and not her, that the data breach had affected.
NHS England declined to comment.