HK, a nurse working at Nottingham University Hospital, accessed 28 medical records of patients she met on dating websites. She has accessed these records without authorisation. In April 2019 one of the patients complained of the breach to the NHS Patient Advice and Liaison Service (PALS).

The complaint led to an internal investigation. This found that the nurse was accessing the medical records without a clinical reason and contrary to the Trust policy. HK is a former paediatric nurse who worked at Nottingham Hospital for 10 years.  Her role enabled her to access her ex-partner’s and his wife’s medical records, in addition to another 24 records.

A Fitness to Practice committee of the Nursing and Midwifery Council held a disciplinary hearing. The nurse admitted she viewed the details of the people she had matched with on online websites. She explained she was checking this information for her and her child’s protection.

HK was found guilty of misconduct, with the committee stating:

“The panel finds that patients were put at indirect risk of harm as a result of your misconduct. Your misconduct had breached the fundamental tenets of the nursing profession and therefore brought its reputation into disrepute.

“The panel were of the view that if you breach confidentiality and trust, patients are less likely to confide in you with relevant information that may be required as part of the care.

“As a nurse, you explore sensitive and distressing information and for that reason you must have the confidence of patients, you must not abuse or misuse the information and your patients’ need to be confident that you will handle their information sensitively, correctly and professionally, which you had failed to do.”

The committee also decided the following:

HK would be subject to extra scrutiny and supervision when checking patient records. However, she was not suspended, with the committee deeming that such sanction would have been disproportionate to the nurse’s actions.

Such incidents are far from isolated events, and there are many instances of “nosey” medical practitioners and administrators freely accessing personal information for non-medical purposes. Indeed such behaviour can place patients at high risk. This is especially where the medical records are being accessed with bad intent.

You can find out more about the improper accessing of patient records here “Snooping” into patients’ records – a punishable offence under data protection legislation – DRM Legal – Data Breach Compensation Experts

Patients have a right to expect that the healthcare professionals who access their medical data do so only for the right reasons, and where their data has been unlawfully accessed and they have suffered distress as a result, they might have a right to compensation.

Please contact DRM Legal if you need advice on whether you can claim compensation for a medical data breach, and one of our specialist solicitors will be happy to help.