Ipswich Hospital staff ‘disciplined’ for accessing Ed Sheeran’s records
Threats / Ipswich Hospital staff ‘disciplined’ for accessing Ed Sheeran’s medical records
21 May 2018
A medical staff member and an administrative staff member at Ipswich Hospital faced disciplinary action after they were found guilty of accessing Ed Sheeran’s confidential medical records without authorisation.
The unauthorised access of Ed Sheeran’s medical records took place in October last year when the singer was admitted to Ipswich Hospital after suffering a bicycle accident. Ipswich Hospital had also initiated a review of care given to high profile patients last year after it was revealed that hospital staff had forced the singer to pose for pictures and sign autographs.
While a member of the hospital’s medical staff was served a written warning, a member of the administrative staff was sacked for accessing the singer’s medical records without authorisation. The disciplinary action was an internal procedure and the erring staff members were not referred to the Nursing and Midwifery Council or to other professional bodies.
Unauthorised access to patient records an ongoing issue
The unauthorised access of Ed Sheeran’s medical records not only proves that patient records were not stored securely, but also that access controls at the hospital were not strong enough to prevent people without authorisation from accessing patient records.
This is not the first time that NHS hospitals or clinics have suffered breaches due to unauthorised access of patient data by staff members. In March, the Kent and Medway NHS and Social Care Partnership Trust announced that it had dismissed a staff member who accessed sensitive medical records of patients without authorisation.
“As an organisation we have become aware of an incident which has occurred involving a junior member of staff inappropriately accessing medical records relating to the name and address of service users through our electronic systems.
“Our investigations into this incident have confirmed that there is no evidence that the individual has used any information they have reviewed for untoward purposes. The records were reviewed out of curiosity rather than with any malice or intent to commit further activity. However this is a very serious incident, and the staff member is no longer working within the organisation,” read a letter sent by the Trust to affected patients.
Last year, a report published by an independent panel of experts and commissioned by Google’s DeepMind Health revealed that a bulk of NHS records were paper-based, insecure and were difficult to use and maintain, forcing doctors and clinicians to devise their own innovative methods to make their jobs simpler.
Such methods included doctors using SnapChat to share patient scans and using camera apps to record particular details of patients in a convenient format.
“It is difficult to criticise these individuals, given that this makes their job possible. However, this is clearly an insecure, risky, and non-auditable way of operating, and cannot continue,” the report said.
Jay has been a technology reporter for almost a decade. When not writing about cybersecurity, he writes about mobile technology for the likes of Indian Express, TechRadar India and Android Headlines