The head of the NHS has threatened any unauthorised staff member who views patient medical records with dismissal or a potential prison sentence in what he described as a “disgraceful breach of patient trust and against the law”.
Sir Jim Mackey’s strong remarks follow a series of investigations into healthcare workers accessing sensitive information without legitimate cause.
Last month, Cambridge University Hospitals (CUH) launched an inquiry after approximately 40 staff members reportedly accessed the medical records of a three-year-old boy injured in a crocodile pit.
The trust has referred itself to the Information Commissioner’s Office (ICO) and is assessing whether each individual had a valid reason for viewing the child’s data.
Separately, CUH recently dismissed five employees for similar inappropriate access to patient records.
In the same period, a former healthcare worker received a caution from the ICO for attempting to obtain and sell the medical records belonging to the Princess of Wales.

In May, Nottingham University Hospitals NHS Trust (NUH) said “11 members of staff have been dismissed and a further 14 have had actions taken against them” for inappropriately accessing medical records of the Nottingham stabbing victims.
Students Barnaby Webber and Grace O’Malley-Kumar, plus grandfather Ian Coates, were stabbed to death by Valdo Calocane in 2023.
Sir Jim said on Wednesday that looking at records for personal reasons or out of curiosity would not be tolerated by the NHS.
The health service has launched a new campaign to remind staff what constitutes unlawful access, the potential impacts on patients and how staff could end up losing their jobs.
Employers can report breaches to the ICO and the police, who can launch criminal prosecutions, as well as to professional regulators.
The guidance from the NHS also tells employers to ensure appropriate technical controls are in place to protect people’s information without stopping staff from doing their jobs.

These can include “role-based” controls so only those involved in a patient’s care can access records and multi-factor authentication.
Sir Jim said: “Patients must be able to trust that their personal information is kept confidential by the NHS – any instance of staff looking at records without a valid reason is wholly unacceptable, a disgraceful breach of patients’ trust and against the law.
“While the majority of NHS staff handle patient information responsibly and professionally every day, it’s been incredibly worrying that a small number have chosen to undermine the trust that patients place in them and caused such additional distress for families who deserved so much better from us.
“Anyone considering accessing records for personal reasons or out of curiosity should be in no doubt they could be putting their career at risk and may face disciplinary action, dismissal, referral to the regulator or even time in prison.
“We will not tolerate a culture of curiosity when it comes to patient confidentiality – there is no place in the NHS for those who misuse patient information and together we will take firm action to prevent and monitor unlawful access, and to act decisively when that occurs.”






