Incident Overview
Cambridge University Hospitals (CUH) has reported itself to the UK data protection regulator after employees accessed the medical record of a three year old child who was treated for severe injuries from a crocodile attack. The boy was admitted to Addenbrooke’s Hospital in June after being thrown into an enclosure at a Cambridgeshire wildlife park. The unauthorized access by staff not involved in the child’s care represents a clear violation of patient confidentiality policies.
Implications for Healthcare Organizations
This case highlights a persistent challenge across the health sector: inappropriate access to sensitive patient records by curious staff. For hospital security and compliance teams, it underscores the need for strict access controls, audit logging, and regular training on patient data handling. The Information Commissioner’s Office (ICO) has noted this is a wider issue and is working with NHS England and the National Data Guardian to strengthen protections. Healthcare organizations should review their own access management practices and ensure disciplinary measures are clearly communicated to deter similar breaches.
Source: Healthcare Management UK
