Southport attack victims' medical records 'accessed inappropriately'

The NHS University Hospitals of Liverpool Group (UHLG) has acknowledged that nearly 50 staff members improperly accessed the medical records of victims following the Southport knife attack in July 2024. This breach took place at Aintree Hospital in Liverpool, where some of those injured in the attack were treated. The incident has only recently come to light, despite occurring nearly two years ago. Among the patients whose records were accessed was a 13-year-old girl who helped supervise the Taylor Swift-themed children’s dance class targeted in the assault, alongside adult teacher Leanne Lucas.

Leanne Lucas, who was critically injured with five stab wounds during the attack that resulted in three children killed and multiple others seriously harmed, expressed her deep distress over the invasion of her privacy. She remarked, “I am absolutely devastated and horrified that my privacy has been invaded when I was at my most vulnerable. Nothing will take away my gratitude to the staff who saved my life, but 48 people not involved in my care abused their position of trust to access the files of victims who have suffered unspeakable trauma.” The breach came to light through a routine information access audit conducted by the hospital shortly after the attack.

Legal representatives of the affected victims have condemned the actions, highlighting the severity of the trust violation. Nicola Ryan-Donnelly of Fletcher’s Solicitors, representing the teenage patient, emphasized the emotional impact: “This is a deeply disturbing abuse of power and a shocking breach of privacy… Our client… is old enough to properly understand what this means: that staff opened her records, not to aid her recovery but to pry.” Similarly, solicitor Nicola Brook from Broudie Jackson Canter, representing adult survivors, stated, “This is a truly unbelievable breach of privacy… That speaks to a culture, and one that will only change if there are real consequences for those responsible.”

In response, James Sumner, UHLG’s chief executive, issued an apology for the distress caused and confirmed that disciplinary procedures had been initiated for the employees involved, ranging from informal counselling to final written warnings, though no staff members were dismissed. Sumner explained the decision not to immediately inform the patients was based on clinical advice considering the possible psychological impact. The trust also notified relevant regulators, including the Information Commissioner’s Office (ICO), which has declined to launch a criminal investigation at this time but has reminded healthcare organizations of the critical importance of protecting patient data. Advocates and political figures have spoken out about the breach, highlighting concerns over confidentiality and patient trust, while calling for greater accountability and assurances that similar incidents will not recur

Read the full article from The BBC here: Read More