back to article London Clinic probes claim staffer tried to peek at Princess Kate's records

The London Clinic where the Princess of Wales had surgery at the start of this year says it is investigating claims an employee tried to access her medical records. Reports of the breach suggest one member of staff at the famous hospital was caught attempting to view notes for Kate Middleton, the future Queen of the United …

  1. Anonymous Coward
    Anonymous Coward

    Hard to fight the feeling that had this been a regular person

    fuck all would have been done.

    1. DS999 Silver badge

      Re: Hard to fight the feeling that had this been a regular person

      Most likely they have some special blocks on accessing the information of royals, and Walter Reed hospital where the president is treated in the US would have blocks against accessing his data. Trivial to set up something where if someone tries to access it, unless they are one of the few named individuals that is allowed access, it sends a message to appropriate people and they can be dealt with.

      Obviously that sort of solution would not be practical to implement on a wide scale for every "regular person". But yours and my medical data can't be sold for a million pounds to a tabloid, or used for political purposes in an upcoming election - even though I think many of us on both sides would like the FULL medical data of both Trump and Biden to be released, since one massively lies about the state his health (and everything else) and the other has been widely accused of diminished capabilities of late.

      1. Wily Veteran

        Re: Hard to fight the feeling that had this been a regular person

        I suppose it depends on the institution, but unauthorized access to patient records is considered a really bad thing.

        My daughter works for a large, university-related medical system and was telling me about their policies just last week. A purely accidental access (e.g. clicked on wrong name, exited immediately without further access upon seeing the error) results in discipline. More substantial access results in instant termination without appeal. No explanations listened to, no appeal process, just an immediate escort to the door. It doesn't matter whether the records accessed were of a homeless person or the CEO of a major corporation (no royalty here), the seriousness of the offense is the same.

        1. Martin-73 Silver badge

          Re: Hard to fight the feeling that had this been a regular person

          The misclick treatment seems a little harsh, but the rest is reassuring

        2. DS999 Silver badge

          Re: Hard to fight the feeling that had this been a regular person

          The misclick would be easy to fix by adding a confirmation like "access John E. Smith DOB 4/14/1977?" and probably fix a few misclicks that didn't get caught because of patients with the same name.

          The local (HUGE!) hospital/medical center will ask you to confirm your name/DOB 3-4 times as you check in, when they call you, when you get handed off by the nurse to the doctor, and if you have to check out to make an appointment. If you are actually there for any sort of procedure they will attach a wristband and scan it anytime they do anything like take blood or input information into the computer.

          If they are that paranoid about confirming who you are with every step, I'm willing to bet they have a system like I suggest above for accessing a patient's medical records. They don't want to risk someone unknowingly clicking on John E. Smith DOB 3/29/1985 and inputting information about 4/14/1977's vitals and diagnosis into the electronic medical records.

          1. Blazde Silver badge

            Re: Hard to fight the feeling that had this been a regular person

            Fine until two people with the same name and d.o.b. inevitably register in the same hospital system.

            "I'm sorry, can I just check.. are you the the John E Smith born 14th April 1977 suffering from coronary artery disease, or the John E Smith both 14th April 1977 suffering from syndrome of subjective doubles?"

            1. Anonymous Coward
              Anonymous Coward

              Re: Hard to fight the feeling that had this been a regular person

              Fine until two people with the same name and d.o.b. inevitably register in the same hospital system.

              For reasons that needn't bother us here, my name is unique in the UK and there's only one other in the world (waves). My sons name is globally unique.

              Weirdly we have never ever had a problem with our records being mixed up with anyone elses. It's like a very cool shield against low level fuckups.

              I really feel sorry for the smiths, jones, patels and singns. We had two pairs of kids with identical names in a 1,000 pupil high school .....

              1. Missing Semicolon Silver badge
                Happy

                Re: Hard to fight the feeling that had this been a regular person

                My name is incorrectly spelt in the NHS. I know enough not to even consider trying to update it!

                1. Androgynous Cupboard Silver badge

                  Re: Hard to fight the feeling that had this been a regular person

                  Is it... missing a semicolon? Because if so you seem to have really let it get to you.

              2. Anonymous Coward
                Anonymous Coward

                Re: Hard to fight the feeling that had this been a regular person

                I'm globally unique (in general, bien sûr, but I'm specifically talking about my name) and I envy the smiths, jones, patels and singhs for the automatic anonymity it brings. Since university gave me my first email address I've been acutely aware that every step I take on the internet is traceable back to me.

                1. Korev Silver badge
                  Big Brother

                  Re: Hard to fight the feeling that had this been a regular person

                  I'm the almost the same sharing my name with two other people. It means that crap I posted on Usenet / The Internet when I was a teenager is trivial to find; however, I'm the only person to have published scientific articles with my surname and initial which is easy for people to find me.

                2. werdsmith Silver badge

                  Re: Hard to fight the feeling that had this been a regular person

                  and I envy the smiths, jones, patels and singhs for the automatic anonymity it brings

                  But I can't publish a book under my own name, there are so many or me already in print.

            2. Helcat

              Re: Hard to fight the feeling that had this been a regular person

              Nope: Name, Date of Birth and Post Code. If there's still more than one person showing, house number. If that isn't unique enough... you're a twin and your parents hate you.

              1. katrinab Silver badge
                Gimp

                Re: Hard to fight the feeling that had this been a regular person

                Or John Smith is dating another person who happens to be called John Smith ...

        3. Ian Johnston Silver badge

          Re: Hard to fight the feeling that had this been a regular person

          That all sounds very theatrical. What actually matters is not how they deal with unauthorised access, but how easy it is to get authorised access.

    2. Anonymous Coward
      Anonymous Coward

      Re: Hard to fight the feeling that had this been a regular person

      Some of the US Media Networks are in a bit of a frenzy over Kate. After the Photoshopping of the family image and her mysterious illness the conspiracy theories about her and Charles are rife. (Charles stepping down as he only has weeks to live and Kate & William divorcing, just to name a few)

      I'd expect that there would be a large reward for the gory details of her illness.

      Meanwhile here... almost nothing worthy of the headlines. I guess with Trump in deep doo-doo some citizens are considering that a modern day monarchy would not be that bad... or not so bad as a Trumpo dictatorship.

      1. Fruit and Nutcase Silver badge
        Joke

        Re: Hard to fight the feeling that had this been a regular person

        some citizens are considering that a modern day monarchy...

        I suppose the Kardashians will do

      2. rg287 Silver badge

        Re: Hard to fight the feeling that had this been a regular person

        Some of the US Media Networks are in a bit of a frenzy over Kate. After the Photoshopping of the family image and her mysterious illness the conspiracy theories about her and Charles are rife. (Charles stepping down as he only has weeks to live and Kate & William divorcing, just to name a few)

        Always have been. I remember a work trip in 2011 and a newsagent in O'Hare had a selection of "single word magazines" along the bottom shelf - you know the sort "Hello", "Okay", "Why?".

        More than a couple were running front covers on "the tragedy of Kate's brain tumour".

        If you don't recall that episode, it's because their entire basis for the story seemed to be a photo of Kate getting out of a car with a hand to her head. She couldn't possibly have been tucking her hair or scratching an itch - no no, that's what they want you to think. Apparently she was in pain from a brain tumour that was being covered up by The Firm.

        As now - the idea that someone might be recuperating from abdominal surgery out of the public eye is unthinkable. She's clearly on her deathbed.

    3. Anonymous Coward
      Anonymous Coward

      Re: Hard to fight the feeling that had this been a regular person

      She, like the rest of the leeches, IS “regular people.”

      The royals are just an accident of birth plus a concerted and massive effort from a well funded hype machine.

    4. hoofie2002

      Re: Hard to fight the feeling that had this been a regular person

      No they do check - I know of one Patient System which runs regular Audit checks on the access audit logs especially around notable names or people involved in incidents in the news.

      It's made clear to staff who have access that it's a sackable offence to look at information that is not relevant to your job or the care you are providing. Go the media with it and you will be breaking the law also

      1. Lord Elpuss Silver badge

        Re: Hard to fight the feeling that had this been a regular person

        Why capitalise audit?

    5. jmch Silver badge

      Re: Hard to fight the feeling that had this been a regular person

      Hard to fight the feeling that had this been a regular person, nobody would be interested in accessing their file

      1. Anonymous Coward
        Anonymous Coward

        Re: Hard to fight the feeling that had this been a regular person

        No. You even get in serious poo for looking yourself up.

        Most systems have a "test subject" - Fred Bloggs or John Doe for people in the USA.

    6. Anonymous Coward
      Anonymous Coward

      Re: Hard to fight the feeling that had this been a regular person

      Not true. I used to work on an Electronic Patient Record system for a UK software supplier. All access to records was restricted and logged, down to the field level.

      In the past, we were asked to investigate inappropriate access to records by staff members. People were sacked for accessing records they shouldn't.

      Can't give details for obvious reasons.

    7. Helcat

      Re: Hard to fight the feeling that had this been a regular person

      I worked for the NHS for some years and yes, there were safeguards in place for regular people's clinical records.

      Not going to say what they were, but they got improved on as tech improved: We took our duty to protect patient data seriously.

      1. Fruit and Nutcase Silver badge
        Big Brother

        Re: Hard to fight the feeling that had this been a regular person

        We took our duty to protect patient data seriously.

        Unlike the politicians in charge who are only too keen to serve it up on a platter with a cherry on top to Mega Corp

  2. Furious Reg reader John
    Facepalm

    "not being able buy a meat pie with a credit card"

    "not being able buy a meat pie with a credit card" - I don't think Paul Kunert has ever been to a Greggs, given they don't sell meat pies even when their credit card payment system is working.

    1. mobailey

      Re: "not being able buy a meat pie with a credit card"

      I counted 3.14 pieces of meat in my Steak Bake.

      1. Will Godfrey Silver badge
        Coat

        Re: "not being able buy a meat pie with a credit card"

        You were short changed. It should have been at least 3.14159

        1. Korev Silver badge
          Coat

          Re: "not being able buy a meat pie with a credit card"

          Being Rightpondian I prefer 22/7 meat pies

          1. Spanners Silver badge
            Happy

            Re: "not being able buy a meat pie with a credit card"

            Being an engineer, I like 355/113 pieces in mine.

  3. Korev Silver badge
    Thumb Up

    The Information Commissioner's Office, the local data protection regulator, confirmed to The Register in a statement: "We can confirm that we have received a breach report and are assessing the information provided."

    Is this really a breach? Everything I've read said that the staff member tried to access the records and nothing suggests they were successful. It appears that the clinic has the systems in place to prevent unauthorised access to records which is a good thing.

    1. Tom Chiverton 1 Silver badge

      No member of medical staff should have even been trying without good reason. This is basic training level stuff.

      Would the logs have been audited for a Normy being treated? This isn't a Normy hospital, maybe it's SOP to cross check access attempts with staff who have a need to know...

      1. hoola Silver badge

        Maybe even more basic, staff will be assigned to wards or maybe even patients. If someone attempts to look at records that are outside their remit the access is flagged.

        1. Anonymous Coward
          Anonymous Coward

          Let me introduce you to the PNC. Very rare they get caught.

          I get what you are saying but that would be complicated to implement and would have to have to have been a consideration when designing the system, More likely in the case of high priority patients any access or potential access is logged and flagged. I would guess it's also a different set of groups and permissions so when this person tried they were not able to and got flagged.

      2. Jason Bloomberg Silver badge

        Sounds to me like someone who doesn't have access permission tried to login to a PC or app with their credentials and it automatically sent an alert to whoever deals with such things as well as popping up "Access Denied".

        I might also speculate that it was some menial member of staff enticed by a promised wad of cash from our typical media scum.

        It seems whatever the clinic has in place it's doing it right. But that's not surprising given their need for reputation and their high-profile client base.

        1. rg287 Silver badge

          I might also speculate that it was some menial member of staff enticed by a promised wad of cash from our typical media scum.

          Evil Maid would be an obvious go to - an agency cleaner who has been told "If you get a chance at an unattended Nurses Station, have a look".

          That being said, even senior bods can be f-ing idiots sometimes and let their curiosity get the better of them. It's not just probationary Police Officers who get nailed for looking up their ex's new boyfriend in PNC. It's senior ranks who should know better but think they've reached a point where "rank-and-file" rules somehow don't apply to them. I wonder if any consultants have updated their CV recently?

      3. Korev Silver badge
        Big Brother

        > Would the logs have been audited for a Normy being treated?

        In ancient history, I temped in a Medical Records "Library" in a bog-standard NHS hospital, it was basically a warehouse with a a *lot* of paper files and microfilm. There were a few folders belonging to famous people[0] that were locked in the supervisors' office to prevent naughty staff taking a peak. Although, a search for a "Normy"'s folder's location would have been logged, there was nothing to stop you having a look.[1]

        [0] Famous people included the local football team and a famous criminal beloved of the British tabloids

        [1] By pure chance I did have to deal with a couple of sets of notes from people I knew, I was tempted, but just put them on the shelf as I did for the strangers' records

    2. hoola Silver badge

      Also one has to speculate as to what actually happened.

      Given the amazing integrity of our newspapers there is also the possibility the member of staff was approached by a reporter and offered money.

      Maybe I am just a cynical old fart!

      1. Lord Elpuss Silver badge

        Old adage: everything's for sale, including morality. It just depends on the price.

        People can and will argue that they would 'never' do something e.g. access records they're not allowed to, until some Middle East outfit offers them a billion quid no questions asked.

      2. Ian Johnston Silver badge

        Given the amazing integrity of our newspapers there is also the possibility the member of staff was approached by a reporter and offered money.

        The possibility? i think the phrase you are looking for is "absolute dead certainty".

    3. Korev Silver badge
      Big Brother

      Is this really a breach? Everything I've read said that the staff member tried to access the records and nothing suggests they were successful. It appears that the clinic has the systems in place to prevent unauthorised access to records which is a good thing.

      It looks like my praise might have been a bit hasty, they're being investigated for not reporting the breach quickly enough

    4. CrazyOldCatMan Silver badge

      Is this really a breach?

      In GDPR terms - yes. The attempt to access information that you are not authorised to (even if unsuccessful) is one of the (many) things defined as a breach. Even when unsuccessful, the hospital is still required to take it seriously (although, if their systems prevented the breach they'll get a pat on the back)

  4. Anonymous Coward
    Anonymous Coward

    When I worked at RBS (which owns Coutts), I'd heard that looking at the Queen's account without good reason was considered a sackable offence; not sure how true it was, but I never dug into anyone's account details on the systems to test the theory...

    1. Wally Dug

      I worked for a competitor bank and everything was audited, so if an investigation took place, they could see who (or more accurately, what logged-in staff member - if someone left their system without locking it...) searched, when it was searched and exactly what was searched. And, yes, for certain high profile accounts, it was a sackable offence (this was the early 1990s, so not even a faint smell of GDPR).

    2. Helcat

      Well, up to 1st May 2008, as reported by this very site, there were 610 civil servants who have been disciplined or sacked for inappropriately accessing tax returns, so yes, I'd say looking at anyone's account without good reason could get you sacked.

  5. rcxb Silver badge

    Don't dignify the tabloids

    Yet the princess's prolonged absence from public life since has led to all sorts of rumor and speculation about the true state of her health. Fears - among some - were stoked further when she released a digitally doctored photo of her with her children on Mothering Sunday.

    The fact that tabloids whipped themselves up into a frothing fit about something, doesn't make it notable/newsworthy. The "doctored" photo in question was a matter of minor touch-ups, not pasting Kate's face on someone else's body... a minor faux pas that gave the tabloids an opportunity to scream a bit longer about their self-invented non-story. Lots of smoke, but no fire.

    1. doublelayer Silver badge

      Re: Don't dignify the tabloids

      "The "doctored" photo in question was a matter of minor touch-ups"

      I have long considered that my not being a UK citizen gives me the opportunity to gladly not know anything about the royal family, including at times who is related to whom. Still, I have heard more about this photo than I'd like to and you are understating the degree of editing involved. A post by a person who enjoys analyzing photos, not someone who tracks the royal family, notes many edits involving all the people depicted and many parts of them. This isn't a minor edit for some aesthetic purpose. What actually was intended is something I don't have to care about, but understating it as "minor touch-ups" is no better than overstating it as "definitely indicates that she died in February" or any other unproven nonsense someone might be trying.

      1. rg287 Silver badge

        Re: Don't dignify the tabloids

        One of the questions I have around this topic - which isn't mentioned by the author - is the increasing prevalence of computational photography. The photo was undoubtedly touched by Photoshop, but then they highlight a bit around Louis' thumb where apparently two frames haven't blended together quite right. This is exactly the sort of artifact we're getting from camera phones stacking multiple exposures in the background - not as an HDR function, but just because that's the way they work these days. It was most recently highlighted with a bride-to-be's startling photo of mirrors showing her in a number of poses.

        For users looking to improve an image, Google are even advertising "Best Take" as a feature of the Pixel 8.

        And then there was the Samsung S23 Ultra "AI" which "improved" a blurry image of the moon by simply subbing in a better image from the internet...

        I wonder how long it will be before news agencies are forced to start refusing images that have come off phones (even for breaking news), because they simply can't trust that the imaging pipeline hasn't compromised the image - even where there exists perfect good faith and there's no deliberate tampering by the user.

        1. Androgynous Cupboard Silver badge

          Re: Don't dignify the tabloids

          And now I've learned something new today. That's very interesting, thank you - the "bride photo" is most amusing.

        2. Ian Johnston Silver badge

          Re: Don't dignify the tabloids

          This is exactly the sort of artifact we're getting from camera phones stacking multiple exposures in the background

          According to the BBC EXIF data shows that the image was taken with a Canon lens. Other reports say Canon camera.

    2. Martin Summers

      Re: Don't dignify the tabloids

      If she took the photo on an iPhone they have an AI best shot feature that has been known to create impossible photos involving mirrors from amalgamation of many images. I'm amazed this hasn't been brought up and considered in this case.

      1. Lord Elpuss Silver badge

        Re: Don't dignify the tabloids

        It hasn't been brought up because it's not the cause. It might explain one or two of the artifacts, but the rest are clearly photoshop; plus Kate admitted she'd Photoshopped it.

        1. Martin Summers

          Re: Don't dignify the tabloids

          "It hasn't been brought up because it's not the cause."

          My theory on that is, in someone's mind, saying someone has photoshopped something was much easier than trying to explain a relatively new feature on Apple phones and bringing AI into the equation. I'm really trying not to do a conspiracy thing here but you are just accepting what you are being told and what she has 'admitted' to doing via her PR in a press release. The truth is probably as mundane as the Apple feature.

          1. doublelayer Silver badge

            Re: Don't dignify the tabloids

            "saying someone has photoshopped something was much easier than trying to explain a relatively new feature on Apple phones and bringing AI into the equation."

            However, the metadata indicates that Photoshop, that specific product, was used to edit it and iPhones were not. This gives us two options:

            1. It is what you say, but someone removed anything indicating that an iPhone was involved at all in the image taking process and substituted some mangled data pointing to a standalone camera and Photoshop just to mess with us.

            2. It wasn't an iPhone, so it wasn't iPhone AI. Something else did it.

            Which seems more likely to you?

      2. Ian Johnston Silver badge

        Re: Don't dignify the tabloids

        "BBC Verify found that the portrait was taken with a Canon camera, and that it was subsequently saved twice in Adobe Photoshop on an Apple Mac computer. The first version was saved on March 8 at 21:54 GMT (or 5:54 p.m. ET), and the second version was saved the following day at 9:39 GMT (or 5:39 a.m. ET)."

        https://www.harpersbazaar.com/celebrity/latest/a60177778/kate-middleton-family-photo-edit-metadata/

        Apart from anything else, the Princess of Wales needs to learn to save her work more regularly.

        1. veti Silver badge

          Re: Don't dignify the tabloids

          There may have been any number of autosaves or intermediate manual saves in there, but they wouldn't show up in the data if they were never used. Looks like she closed it down one evening, then got up early next morning to finish it.

  6. abend0c4 Silver badge

    The future Queen of the United Kingdom

    I wouldn't entirely write off the prospect of a republic - or indeed that she might just yet decide life would be a lot pleasanter teaching Photoshop in New Zealand.

    1. Boris the Cockroach Silver badge
      Happy

      Re: The future Queen of the United Kingdom

      Or more likely she demands the scummier parts of the media are given a horse drawn trip to Tyburn, where they are chopped into bits , boiled in oil and their heads placed upon a figgin.

      And hopefully no one notices when we throw a number of politicians in for good measure ...

    2. veti Silver badge

      Re: The future Queen of the United Kingdom

      Oi! Just because we're small, doesn't mean we don't have standards. Kate is manifestly not qualified to teach Photoshop at a professional level, here or anywhere else.

  7. joewilliamsebs

    "Kate was spotted at a farm shop doing a spot of shopping"

    Ah yes, as the immediate heir to the throne and his wife do on the regular.

  8. Anonymous Coward
    Anonymous Coward

    The Royal industry

    It’s difficult to remain relevant when you operate a medieval business.

    1. veti Silver badge

      Re: The Royal industry

      Tell that to every landlord in the world.

  9. gandalfcn Silver badge

    If the RF had been honest from the beginning none of this would have existed.. Betty Two Stroke was hoding the crumbling edifice together. Charles never seemed to want the job and here we are. Fiasco after fiasco.. Keeps a certain section of the media and demographic occupied mind!

    1. Martin Summers

      Nobody's medical records are anyone's business but their own. Royal family or not. We aren't entitled to know about that just because a large part of her life is now public.

    2. veti Silver badge

      Oh bullshit. Wankers gonna wank, no matter how open and transparent people are.

      At least the tabloids have an excuse - economic necessity. Half a million randos on social media, though, that's another matter.

  10. feral

    more dodgy photos

    "All was proved well at the weekend when a healthy looking Kate was spotted at a farm shop doing a spot of shopping."

    Except it was clear that the Kate in the photos wasn't her... It doesn't look like her. Probably a body double.

  11. disgruntled yank

    KM & USA

    First, did the patient not take her husband's surname when they married? Or does the English press consider that William should have followed old precedent and married a Battenberg or Hohenzollern, that KM's status is morganatic, and that one must constantly keep that in view?

    Second, the newspapers I read did mention this matter in passing. The amount of space allocated has been much less than they give to the NCAA basketball tournament or MLB spring training.

  12. Winkypop Silver badge
    Alien

    Space Aliens!

    You know it’s true!

  13. Lord Elpuss Silver badge

    "All was proved well at the weekend when a healthy looking Kate was spotted at a farm shop doing a spot of shopping."

    Haha tell me this is a joke.

  14. Anonymous Coward
    Anonymous Coward

    peek at Princess Kate's records

    I'm relieved all us plebs enjoy such an exemplary level of personal data protection!

    1. Lord Elpuss Silver badge

      Re: peek at Princess Kate's records

      You do.

  15. This post has been deleted by its author

  16. Anonymous Coward
    Anonymous Coward

    A bit rich

    Seems a bit rich a tabloid protesting about someone trying to access celebrity personal information but of course it could be the person had qualms / cold feet and refused to get / hand over the information to the mirror and they want revenge. My cynicism is running a high today.

  17. MichaelGordon

    There's a balance to be struck between restricting access and not delaying medically-necessary access to records. For example, if I'm in hospital and transferred from one ward to another I want the staff in the new ward to have access to my records immediately, not after some random delay while they wait for IT to set the permissions properly. I'd be happy with fairly open access and a periodic audit to check that everyone who's accessed the records is someone that I was in the care of. Obviously there are people and circumstances for which much tighter controls on access are needed.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like