NHS staff handling confidential medical records are being reminded of their duties after a series of high-profile incidents highlighted the severity of unauthorised access. According to Sir Jim Mackey, Chief Executive of NHS England, accessing patient data without permission is "wholly unacceptable" and can result in immediate dismissal or even a prison sentence.
Recent cases, including staff being sacked for looking at records related to high-profile crimes such as the Nottingham attacks, have led NHS leaders to launch an awareness campaign. The initiative aims to educate employees about what constitutes unlawful access and the consequences for their careers. It also addresses the distress caused to patients whose data has been accessed inappropriately.
As part of this effort, NHS England has released new guidance outlining best practices for preventing unauthorised access to patient data. This includes measures such as role-based access restrictions, multi-factor authentication, and limiting access to sensitive information to only those who need it for their roles. The guidance also covers how NHS organisations can investigate and report breaches.
The campaign comes with technical advice on monitoring and regular audits of electronic patient record systems, including newer systems that offer real-time detection capabilities. It advises staff to report any suspicious activity to the IT department immediately. NHS England is urging all its organisations to implement robust technical controls to protect patient data.
NHS Chief Executive Sir Jim Mackey said: "The vast majority of our staff handle sensitive information with integrity, but a small number have let us down. It's incredibly worrying that they have chosen to undermine the trust patients place in us and caused additional distress for families." He stressed that there is "no place in the NHS for those who misuse patient data."