Scotland Yard could be called in to investigate an alleged breach of the Princess of Wales’s private medical data.
The world-renowned London Clinic in Marylebone where the Princess of Wales underwent abdominal surgery in January, launched an investigation amid allegations staff attempted to access her private medical records.
After The Mirror’s world exclusive was picked up around the world this week, sources have said tonight that “up to three people” could be involved in the alleged accessing of Catherine’s medical records.
In a further bombshell, it can be revealed that the alleged breach took place after the future queen was discharged from hospital on January 29, as social media exploded with outlandish and hurtful conspiracy theories relating to her surgery.
Sources said the criminal investigation, described as “unprecedented” and now being run by the Information Commissioner's Office (ICO), could run alongside an additional probe by the Metropolitan Police.
Accessing someone’s medical records without cause or consent can be a criminal offence.
If the ICO investigates and finds evidence that medical records were accessed illegally, it can take action, including prosecuting and fining the person responsible in court.
The development came amid a new statement from the CEO of the The London Clinic, who said:
“There is no place at our hospital for those who intentionally breach the trust of any of our patients or colleagues.”
A source said:
“This is such a unique case that a police investigation could run alongside one by the Information Commissioner's Office.
The IOC will deal with anything as a criminal matter, which could end up in a Magistrate’s Court, but if there were further claims of wrongdoing such as a conspiracy to distribute illegally accessed information, then that could be a matter for the police.”
Scotland Yard has also been urged to launch an immediate investigation, alongside the IOC probe, over fears of a potential royal blackmail plot.
Dai Davies, the former chief superintendent and head of the royal protection unit, said:
“Anyone accused of this most serious breach of trust should be interviewed under caution at the earliest opportunity.
The implications for the royal family are far and wide, and there must be a full probe by Scotland Yard to determine if any further crimes have been committed.”
The Met Police said it had not yet received a referral, but Health Minister Maria Caulfield said today that she understood “police have been asked to look at it.”
Speaking to Sky News, she said it was "pretty serious stuff to be accessing notes that you don't have permission to."
She added:
"I say this as someone who's still on the nursing register, that the rules are very, very clear for all patients.
That unless you're looking after that patient, or they've given you their consent, you should not be looking at patients' notes.
So there are rules in place and the Information Commissioner can levy fines, that can be prosecutions, your regulator.
So as a nurse, my regulator would be the NMC (Nursing and Midwifery Council), can take enforcement action….and can strike you off the register if the breach is serious enough.
So there are particularly hefty implications if you are looking at notes for medical records that you should not be looking at."
Asked if the police should look into the matter, she said: "My understanding is that police have been asked to look at it - whether they take action is a matter for them.”
Fears that the King’s private medical information had also been compromised were dismissed tonight, after Charles spent three nights at the hospital during the same period as the Princess of Wales after undergoing an operation for an enlarged prostate.
Sources confirmed bosses at the hospital had informed Buckingham Palace that the alleged breach being probed did not involve the monarch.
Charles and Catherine were discharged separately just hours apart on January 29.
The King was subsequently diagnosed with “a form of cancer,” announced by Buckingham Palace on February 5.
Senior bosses at the hospital notified the IOC within 72 hours of the alleged breach of Kate’s records, in accordance with the watchdog’s guidelines.
Despite global speculation over the nature of the princess’s surgery, which has sparked wild conspiracy theories across social media and international news outlets, Kensington Palace has gone to great lengths to protect her privacy.
The palace said when Catherine was admitted that she would spend two weeks in hospital and not return to royal duties until after Easter as she continued her recovery at home.
Sources suggested the princess may decide to join the royal family on a scheduled walk to church on Easter Sunday, but no decision had yet been taken.
As the crisis intensified today following The Mirror’s revelations, Al Russell, the CEO at The London Clinic, added:
“Everyone at The London Clinic is acutely aware of our individual, professional, ethical and legal duties with regards to patient confidentiality.
We take enormous pride in the outstanding care and discretion we aim to deliver for all our patients that put their trust in us every day.
We have systems in place to monitor management of patient information and, in the case of any breach, all appropriate investigatory, regulatory and disciplinary steps will be taken.”
The General Medical Council (GMC), which regulates doctors, also said patients must have confidence that their personal information is protected "at all times."
A spokesman for the Prime Minister said:
“Clearly there are strict rules on patient data that must be followed. I think we all want to get behind the Princess of Wales and Prince of Wales and we wish her the speediest of recoveries.”
10 notes
·
View notes
Hospital staff embroiled in a privacy probe involving the Princess of Wales will likely be facing disciplinary action, an expert has warned.
The Mirror revealed an investigation is underway at the world-renowned The London Clinic into claims Catherine's confidentiality was breached while she was a patient in January.
At least one member of staff was said to have been caught trying to access the 42-year-old's medical notes.
The future Queen had abdominal surgery at the London hospital in January and stayed for a fortnight, as she recovered before returning home to Windsor.
The allegations are the latest blow to hit Catherine, whose absence from public life over the past two months has led to wild conspiracy theories on social media about her whereabouts and health.
Now, an employment expert has outlined the likely next steps for accused staff, while a data protection expert has suggested Catherine could well claim compensation.
Employment partner Tracey Guest at law firm Slater Heelis told the Mirror:
"Any hospital employee who has accessed Catherine's private medical records, without any proper work reason to do so, is at risk of being dismissed due to gross misconduct.
Previous cases for dismissal relating to confidential information have held that it is important for employers to have policies in place, which make it abundantly clear to employees that unauthorised interference with computers/accessing confidential information unnecessarily will carry severe penalties.
No doubt all hospital employees will have been given contracts of employment where confidential information is a key term.
And it is likely that the hospital will have policies in place to make it clear that unlawfully accessing patient confidential information is likely to amount to gross misconduct."
The next steps to follow will depend on the alleged employee's years of service at the clinic. Tracey continued:
"If an employee has two or more years' service, the hospital will need to follow a fair procedure prior to dismissing an employee, otherwise they will be at risk of a claim for unfair dismissal.
This means that the hospital should require the employee to attend an investigation meeting, where the allegations are put to the employee and the employee is given a chance to respond and put forward any explanation/deny the allegations.
If the Investigating Officer decides that there is a case to answer, the employee must then be required to attend a disciplinary meeting.
The employee should be advised in advance in writing of the disciplinary allegations against them and warned that a possible outcome may be dismissal.
The employee should also be given the right to be accompanied to the disciplinary meeting by a fellow employee or trade union representative of their choice.
If an employee is dismissed, they should be given the right to appeal the decision."
It is likely that accessing medical records without any proper work reason is also a breach of data protection, and these allegations would also be discussed with the employee concerned, Tracey explained.
Meanwhile, the employees' alleged actions causing reputational damage to the hospital will also be assessed.
"Given the publicity surrounding this matter, this allegation would be genuine and could provide a further reason to warrant dismissal for gross misconduct (subject to the findings of any appropriate investigation and disciplinary)," Tracey added, before suggesting:
"Any employee involved in accessing medical records without a proper reason to do so may be best advised to resign, in order to avoid having a dismissal on their records."
The clinic's boss said that all appropriate investigatory, regulatory and disciplinary steps will be taken when looking at alleged data breaches.
Al Russell, said in a statement:
"Everyone at the London Clinic is acutely aware of our individual, professional, ethical and legal duties with regards to patient confidentiality.
We take enormous pride in the outstanding care and discretion we aim to deliver for all our patients that put their trust in us every day.
We have systems in place to monitor management of patient information and, in the case of any breach, all appropriate investigatory, regulatory and disciplinary steps will be taken.
There is no place at our hospital for those who intentionally breach the trust of any of our patients or colleagues."
It is a criminal offence for any staff in an NHS or private healthcare setting to access the medical records of a patient without the consent of the organisation's data controller.
Looking at somebody's private medical records without permission can result in prosecution from the Information Commissioner's Office in the UK.
A spokesperson for the data watchdog said:
"We can confirm that we have received a breach report and are assessing the information provided."
Jon Baines, Senior Data Protection Specialist at Mishcon de Reya, outlined what this would mean and suggested that Catherine could claim for compensation.
"Any investigation by the ICO is likely to consider whether a criminal offence might have been committed by an individual or individuals," he began.
"Section 170 of the Data Protection Act 2018 says that a person commits an offence if they obtain or disclose personal data 'without the consent of the controller.'
Here, the controller will be the clinic itself.
"Although there are defences available to someone charged with the offence — such as that they reasonably believed they had the right to 'obtain' the personal data, or on grounds of public interest — such defences are unlikely to apply where someone knowingly accesses patient notes for no valid or justifiable reason.
Mr Baines explained that an offence is only punishable by a fine.
In England and Wales, although the maximum fine is unlimited, there is no possibility of any custodial sentence.
"A further area of potential investigation for the ICO will be whether the clinic itself complied with its obligations under the UK GDPR to have 'appropriate technical or organisational measures' in place to keep personal data secure.," the data expert continued.
"Serious failures to comply with that obligation could lead to civil monetary penalties from the ICO, to a maximum of £17.5m although, in reality, given that such civil fines must be proportionate, it is rare that such large sums are even considered by the ICO.
Individuals, such as - in this case - The Princess of Wales, can also bring claims for compensation under the UK GDPR, and for 'misuse of private information', where their data protection and privacy rights have been infringed."
Mr Baines added:
"Whatever the outcome from the ICO, anyone working in an environment where they might have access to personal data, particularly of a sensitive nature, should be aware that there are potential criminal law implications arising from unauthorised access.
Any organisation holding such information should ensure it has appropriate measures in place to prevent, or at least reduce the risk, of such access."
Earlier today, a health minister said police have "been asked to look at" whether staff at The London Clinic attempted to access the Princess of Wales' private medical records.
MP Maria Caulfield, who is a nurse serving as Parliamentary Under-Secretary of State for Mental Health and Women's Health Strategy, said there could be “hefty implications” if it turns out anyone accessed the notes without permission, including prosecution or fines.
When questioned whether it should be dealt with as a police matter, Ms Caulfield told LBC:
“Whether they take action is a matter for them. But the Information Commissioner can also take prosecutions, can also issue fines, the NMC (Nursing and Midwifery Council), other health regulators can strike you off the register if the breach is serious enough.
So there are particularly hefty implications if you are looking at notes for medical records that you should not be looking at."
Reassuring listeners, she also told Times Radio:
"For any patient, you want to reassure your listeners that there are strict rules in place around information governance about being able to look at notes even within the trust or a community setting.
You can't just randomly look at any patient's notes. It's taken extremely seriously, both by the information commissioner but also your regulator.
So the NMC (Nursing and Midwifery Council), if as a nurse, you are accessing notes that you haven't got permission to access, they would take enforcement action against that. So it's extremely serious.
And I want to reassure patients that their notes have those strict rules apply to them as they do for the Princess of Wales."
Kensington Palace refused to confirm what Catherine was being treated for at the time of the announcement she had surgery but later confirmed the condition was non-cancerous.
An official statement read:
"Her Royal Highness The Princess of Wales was admitted to The London Clinic yesterday for planned abdominal surgery.
The surgery was successful and it is expected that she will remain in hospital for ten to fourteen days, before returning home to continue her recovery."
The Palace also raised that they wanted to keep her health concerns private, adding:
"Based on the current medical advice, she is unlikely to return to public duties until after Easter. The Princess of Wales appreciates the interest this statement will generate.
She hopes that the public will understand her desire to maintain as much normality for her children as possible; and her wish that her personal medical information remains private.
Kensington Palace will, therefore, only provide updates on Her Royal Highness' progress when there is significant new information to share.
The Princess of Wales wishes to apologise to all those concerned for the fact that she has to postpone her upcoming engagements.
She looks forward to reinstating as many as possible, as soon as possible."
As speculation has swirled regarding the Princess' whereabouts, Catherine was most recently seen stepping out in public with Prince William for the first time at the weekend.
The couple, dressed in sportswear, were spotted walking with shopping bags at a farm shop close to their home on the Windsor estate.
3 notes
·
View notes