Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

All healthcare organisations must keep patient data secure, watchdog says

It comes after claims that up to three people could have been involved in trying to access the Princess of Wales’ private medical records.

Helen William
Thursday 21 March 2024 19:42 GMT
The move by the ICO comes after claims that up to three people could have been involved in trying to access the Princess of Wales’ private medical records following her abdominal surgery in January (Kirsty Wigglesworth/PA)
The move by the ICO comes after claims that up to three people could have been involved in trying to access the Princess of Wales’ private medical records following her abdominal surgery in January (Kirsty Wigglesworth/PA) (PA Wire)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

All healthcare organisations have been reminded about the importance of keeping patient data secure after an alleged attempt to access the Princess of Wales’s medical records, the data protection regulator has said.

Organisations have been told staff must be thoroughly trained and should be clear about the data breach reporting process, and appropriate technical measures such as passwords and access controls should be used so personal information can only be seen by people who need to use it.

The reminder comes from the Information Commissioner’s Office (ICO) which states that over 1,500 incidents are reported by the health sector each year.

Every patient, no matter who they are, has the right to privacy

Stephen Bonner, ICO

As new technologies are increasingly used in the healthcare system, it is important that data is treated with the “utmost care and security”, said Stephen Bonner, the ICO’s deputy commissioner for regulatory supervision.

He added: “Every patient, no matter who they are, has the right to privacy.”

The move by the ICO comes after claims made by The Mirror newspaper that up to three people could have been involved in trying to access Kate’s private medical records following her abdominal surgery in January.

Speculation and conspiracy theories about the princess’s whereabouts and status of her health have been rife on social media.

The King, who has cancer, was treated for an enlarged prostate at the private London Clinic where Kate received her medical treatment, but the PA news agency understands Charles’s medical records were not accessed in the alleged breach.

Mr Bonner said: “We know people across the UK may be questioning how safe and secure medical records may be following reports of a data breach at the London Clinic.

“When we’re in the care of healthcare providers, we need to be able to freely share our personal and sensitive data – it’s often essential to ensure we receive the care and support we need. As new technologies come into use in our healthcare system, our data will become even more important.

“This underlines the need to ensure this information is treated with the utmost care and security.”

Enforcement action was taken against several healthcare organisations during the past year, including NHS Fife after a person posing as a nurse entered a hospital ward, and due to a lack of identification checks and formal processes helped staff with a patient and then made off with personal information from 14 patients.

Police were unable to identify the person or recover the lost paperwork as their progress has been hindered by the CCTV having being accidentally switched off by a staff member.

The ICO’s investigation found NHS Fife failed to have appropriate security measures for personal information, as well as low staff training rates.

New measures such as a system for documents containing patient data to be signed in and out and updated identification processes have been introduced.

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in