The UK medical regulator has launched an investigation into a “stalker” doctor who accessed intimate details of the health history of a woman who had begun dating the doctor’s ex-boyfriend.
The General Medical Council (GMC) is investigating whether the doctor – a consultant at Addenbrooke’s hospital in Cambridge – breached their professional, ethical and legal duties to protect the woman’s personal information.
The victim has given the watchdog a statement detailing the consultant’s repeated violations of her medical records and documentation that shows what she did.
The GMC declined to comment because it has not yet decided to open a formal disciplinary case against the consultant, who could face serious sanctions including a ban on working as a doctor. One of the GMC’s investigative officers is examining the victim’s claims and collecting evidence.
The GMC did set out the key areas of Good Medical Practice, its manual on doctor’s ethical duties, and its rules on confidentiality that the consultant may have breached.
The Guardian revealed on Sunday how the doctor had looked at the victim’s hospital and GP records seven times last August and September, in the early stages of the woman’s relationship with a man the consultant had been involved with for several years.
The victim said she felt “anger, fear, shock and horror” when an audit by Addenbrooke’s of who had accessed her records showed that the doctor – who was not involved in her care – had spent time reading them, including several times while on holiday.
The consultant shared some of the information on the victim and her family that she had gleaned with the ex-boyfriend and lied about where she had obtained it, insisting it was from friends, members of her choir, and gossip.
Cambridge university hospitals NHS trust, which runs Addenbrooke’s, has acknowledged the multiple breaches and apologised to the woman. It said the doctor’s behaviour “was fully investigated in line with the trust’s disciplinary policy and appropriate action taken”. But it declined to say what if any sanctions had been taken, citing the doctor’s right to privacy.
The Guardian has decided not to name the doctor or the victim. The consultant used Epic, the Addenbrooke’s hospital records system, to access the woman’s GP records, which contained highly sensitive details about a family tragedy and how it had affected the victim and her children.
The victim said: “My referral to the GMC was based on my concern that a doctor had illegitimately accessed my data and used it in a destructive or malicious manner. In doing so, she had broken the law, as well as her ethical, professional and contractual obligations. I was also concerned by her behaviour and that this undermined her fitness to practise as a doctor.”
The GMC rules that the consultant may have broken include those specifying that:
“Doctors are under both ethical and legal duties to protect patients’ personal information from improper disclosure.”
“Good doctors work in partnership with patients and respect their rights to privacy and dignity.”
“You must make sure that your conduct justifies your patients’ trust in you and the public’s trust in the profession.”
Doctors can access patients’ medical records but need a legitimate reason for doing so. Under NHS data governance procedures, when seeking access, they have to assure their employer that they have a valid clinical interest in doing so, usually because they are part of a team treating the patient.
Sam Smith, of the health data experts MedConfidential, said the NHS had no idea how often a doctor accessed a patient’s medical records without due cause, as in this case. Patients rarely complain because they have no way of knowing it has happened unless someone tells them, and the NHS has no way of establishing whether staff who have looked at records did so for the proper reasons.