Cambridge University Hospitals (CUH) has launched an internal investigation after it emerged that up to 40 staff members had accessed the medical records of a three-year-old boy who was seriously injured in a crocodile enclosure incident. The child, from Cambridgeshire, remains in a stable condition at Addenbrooke's Hospital, where he is being treated for his injuries.
The family's visit to Johnsons of Old Hurst zoo near Huntingdon on 18 June took a devastating turn when the boy was attacked within the enclosure. Thankfully, staff members were able to pull him to safety and call emergency services. The police investigation into the circumstances surrounding the incident is ongoing, with a 30-year-old man from Norfolk arrested and bailed on suspicion of attempted murder.
Cambridge University Hospitals has robust policies in place to protect patient data and is now scrutinising each instance of record access to establish whether legitimate clinical or operational reasons existed. The hospital group treats breaches of patient confidentiality extremely seriously, with disciplinary action – including dismissal – a possibility for staff members found to have accessed records without justification.
Patient confidentiality is fundamental to the NHS, with strict guidelines in place to ensure that personal medical information is only shared with those who need it. The General Medical Council (GMC) and Nursing and Midwifery Council (NMC) issue clear guidance to healthcare professionals on their responsibilities regarding patient data.
The Information Commissioner's Office (ICO) has the power to issue substantial fines to organisations that fail to protect personal data adequately, with penalties potentially reaching millions of pounds. This incident highlights the ongoing challenge faced by healthcare providers in safeguarding sensitive patient information, even within highly regulated environments.