- NHS warns curiosity about patient records could end healthcare careers for good
- Prison sentence now added to dismissal for illegal access to confidential medical records
- High-profile cases of crime victims have sparked a nationwide strengthening of NHS privacy
NHS England has launched a national campaign to warn staff that accessing patient records without appropriate legal justification could end their careers.
The initiative includes screensavers and posters in NHS organizations reminding workers not to let curiosity overstep professional and legal boundaries.
Staff who breach these confidentiality rules may be subject to disciplinary action, dismissal, regulatory referral or even imprisonment under applicable data protection legislation.
A response to recent high-profile breaches
The campaign follows several recent firings related to staffers who illegally accessed records related to victims of high-profile crimes across the country.
NHS England specifically cited incidents of illegal access involving the 2023 Nottingham bombings and the 2024 Southport stabbing attack, both of which attracted significant national attention.
“Patients must be able to be confident that their personal information is kept confidential by the NHS – any instance of staff viewing records without a valid reason is completely unacceptable, is a shameful abuse of patients’ trust and is against the law,” said Sir Jim Mackey, chief executive of the NHS.
He added that most staff handle patient information appropriately, although a limited group has seriously undermined that trust through inappropriate access.
New guidance has now been published outlining different categories of illegal access, as well as advice on monitoring and carrying out regular audits.
Some newer electronic patient record systems are said to be able to flag suspicious activity in real time, helping organizations quickly identify unauthorized access.
Breaches can be reported to both the Information Commissioner’s Office (ICO) and the police, who can take criminal action under the Data Protection Act 2018.
Legal consequences and independent conclusions
The ICO has reiterated the expectations of patients and staff, and the consequences of this illegal action.
“When people seek medical care, they share some of their most sensitive personal information, with the assurance that it will be kept secure,” said Paul Arnold, chief executive of the ICO.
“Unauthorized access to these records is not only a breach of data protection law: it is a betrayal of that trust, with real and lasting consequences for patients and their families… Staff who violate this trust face serious consequences: loss of employment, withdrawal of professional accreditation and criminal prosecution.
The temptation to illegally access patient records often increases when cases attract public attention.
“When a local incident makes national news – a serious crime, a public tragedy, a story that captures the attention of many people – there is an increased risk that health care personnel will be tempted to look at records they have no reason to look at,” Arnold added.
“Anyone considering accessing records for personal reasons or out of curiosity should be in no doubt that they could put their career at risk and face disciplinary action, dismissal, referral to the regulator or even prison time,” Sir Jim Mackey said.
The findings show that 18 staff members at York and Scarborough University Hospitals have wrongly accessed patient records since 2021.
Eight of these 18 cases were subsequently referred to the ICO for further formal investigation.
Another investigation was launched after around 40 staff reportedly had access to the medical records of a three-year-old boy injured in an incident at a crocodile enclosure near Huntingdon.
Cambridge University Hospitals said restrictions had already been placed on the child’s records and confirmed that any staff without legitimate clinical or operational reasons would face disciplinary action or even dismissal.
Breaches of the Data Protection Act 2018 and the Computer Misuse Act 1990 can result in fines and prison sentences for those found guilty.
The scale of these repeated incidents suggests that existing safeguards have not systematically deterred staff from illegally accessing sensitive documents.
“Having the ability to view a file is not the same as having a legitimate need to do so. Each staff member has a personal responsibility to respect this limit…” Arnold added.
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.




