An investigation has been launched into claims that health records relating to the Princess of Wales’ January stay in The London Clinic may have been improperly accessed. The breach report has been received by the U.K. Information Commissioner’s Office, which is currently assessing the information provided. If the breach is confirmed, the individuals responsible could face legal consequences, as accessing patient records without consent is a criminal offense.
The London Clinic's chief executive emphasized the importance of patient confidentiality and stated that appropriate investigative and disciplinary actions would be taken if a breach is found. The alleged breach is said to involve up to three staff members accessing the records without permission, rather than an external hacking incident.
This incident highlights the critical need for robust cybersecurity measures and ongoing staff training to mitigate insider threats in healthcare settings. Experts stress that employees with access to personal data must have the necessary permissions and legal rights to handle such information.
The potential criminality of the breach will be a key focus of the ICO investigation, as unauthorized access to personal data is a punishable offense under the Data Protection Act 2018. The Act specifies that obtaining or disclosing personal data without the controller's consent is illegal, and standard defenses against such charges may not apply in this case.