Home / News & Resources / Case Study / NHS family member shared confidential medical information

NHS family member shared confidential medical information

When it comes to medical data breaches, in most cases, it is human error rather than cybercrime that leads to information falling into the wrong hands. But what happens when someone deliberately accesses and shares your private and sensitive medical records?

In a recent case, our solicitors saw the impact of what can happen when sensitive medical information was revealed by a family member working for the NHS.

What happened in this case?

In this data breach, the sister-in-law of our client (who was a NHS staff member), accessed the NHS system and then shared personal details about our client with the rest of her family. This included specific information about our client's baby.

As a direct result of this violation, our client's relationship with family has broken down. She has received threats from a family member resulting in police involvement, and has to deal with the ongoing worry of further danger.

In response, our client has suffered stress, anxiety attacks and trauma. Ultimately she has required medication to be prescribed to help manage the psychological effects of this terrible breach of trust.

To make matter worse, the breach has meant that our client can no longer continue her university studies, so she has also suffered the loss of expenses, and the opportunity to progress her career.

Lessons learned

NHS employees have a duty of confidentiality not to divulge private information. But in this case, this duty was disregarded. And, while the family member who accessed the data is responsible for this, the NHS must do more to protect patient information. For example, by designing systems that only allow the specific specialists, doctors or consultant allocated to a patient to have access to their data.

Also, every staff member accessing a patient's records should provide a reason for doing so. And all NHS employees should receive regular data protection training to make sure they understand the potential consequences of breaching data protection laws.

For more advice on how to keep your data safe, follow Hayes Connor on Twitter or give us a like on Facebook. Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.