London Clinic probes claim staffer tried to peek at Princess Kate's records The London Clinic where the Princess of Wales had surgery at the start of this year says it is investigating claims an employee tried to access her medical records. Reports of the breach suggest one member of staff at the famous hospital was caught attempting to view notes for Kate Middleton, the future Queen of the United …
Most likely they have some special blocks on accessing the information of royals, and Walter Reed hospital where the president is treated in the US would have blocks against accessing his data. Trivial to set up something where if someone tries to access it, unless they are one of the few named individuals that is allowed access, it sends a message to appropriate people and they can be dealt with.
Obviously that sort of solution would not be practical to implement on a wide scale for every "regular person". But yours and my medical data can't be sold for a million pounds to a tabloid, or used for political purposes in an upcoming election - even though I think many of us on both sides would like the FULL medical data of both Trump and Biden to be released, since one massively lies about the state his health (and everything else) and the other has been widely accused of diminished capabilities of late.
I suppose it depends on the institution, but unauthorized access to patient records is considered a really bad thing.
My daughter works for a large, university-related medical system and was telling me about their policies just last week. A purely accidental access (e.g. clicked on wrong name, exited immediately without further access upon seeing the error) results in discipline. More substantial access results in instant termination without appeal. No explanations listened to, no appeal process, just an immediate escort to the door. It doesn't matter whether the records accessed were of a homeless person or the CEO of a major corporation (no royalty here), the seriousness of the offense is the same.
The misclick would be easy to fix by adding a confirmation like "access John E. Smith DOB 4/14/1977?" and probably fix a few misclicks that didn't get caught because of patients with the same name.
The local (HUGE!) hospital/medical center will ask you to confirm your name/DOB 3-4 times as you check in, when they call you, when you get handed off by the nurse to the doctor, and if you have to check out to make an appointment. If you are actually there for any sort of procedure they will attach a wristband and scan it anytime they do anything like take blood or input information into the computer.
If they are that paranoid about confirming who you are with every step, I'm willing to bet they have a system like I suggest above for accessing a patient's medical records. They don't want to risk someone unknowingly clicking on John E. Smith DOB 3/29/1985 and inputting information about 4/14/1977's vitals and diagnosis into the electronic medical records.
Fine until two people with the same name and d.o.b. inevitably register in the same hospital system.
"I'm sorry, can I just check.. are you the the John E Smith born 14th April 1977 suffering from coronary artery disease, or the John E Smith both 14th April 1977 suffering from syndrome of subjective doubles?"
Fine until two people with the same name and d.o.b. inevitably register in the same hospital system.
For reasons that needn't bother us here, my name is unique in the UK and there's only one other in the world (waves). My sons name is globally unique.
Weirdly we have never ever had a problem with our records being mixed up with anyone elses. It's like a very cool shield against low level fuckups.
I really feel sorry for the smiths, jones, patels and singns. We had two pairs of kids with identical names in a 1,000 pupil high school .....
I'm globally unique (in general, bien sûr, but I'm specifically talking about my name) and I envy the smiths, jones, patels and singhs for the automatic anonymity it brings. Since university gave me my first email address I've been acutely aware that every step I take on the internet is traceable back to me.
I'm the almost the same sharing my name with two other people. It means that crap I posted on Usenet / The Internet when I was a teenager is trivial to find; however, I'm the only person to have published scientific articles with my surname and initial which is easy for people to find me.
Some of the US Media Networks are in a bit of a frenzy over Kate. After the Photoshopping of the family image and her mysterious illness the conspiracy theories about her and Charles are rife. (Charles stepping down as he only has weeks to live and Kate & William divorcing, just to name a few)
I'd expect that there would be a large reward for the gory details of her illness.
Meanwhile here... almost nothing worthy of the headlines. I guess with Trump in deep doo-doo some citizens are considering that a modern day monarchy would not be that bad... or not so bad as a Trumpo dictatorship.
Some of the US Media Networks are in a bit of a frenzy over Kate. After the Photoshopping of the family image and her mysterious illness the conspiracy theories about her and Charles are rife. (Charles stepping down as he only has weeks to live and Kate & William divorcing, just to name a few)
Always have been. I remember a work trip in 2011 and a newsagent in O'Hare had a selection of "single word magazines" along the bottom shelf - you know the sort "Hello", "Okay", "Why?".
More than a couple were running front covers on "the tragedy of Kate's brain tumour".
If you don't recall that episode, it's because their entire basis for the story seemed to be a photo of Kate getting out of a car with a hand to her head. She couldn't possibly have been tucking her hair or scratching an itch - no no, that's what they want you to think. Apparently she was in pain from a brain tumour that was being covered up by The Firm.
As now - the idea that someone might be recuperating from abdominal surgery out of the public eye is unthinkable. She's clearly on her deathbed.
No they do check - I know of one Patient System which runs regular Audit checks on the access audit logs especially around notable names or people involved in incidents in the news.
It's made clear to staff who have access that it's a sackable offence to look at information that is not relevant to your job or the care you are providing. Go the media with it and you will be breaking the law also
Not true. I used to work on an Electronic Patient Record system for a UK software supplier. All access to records was restricted and logged, down to the field level.
In the past, we were asked to investigate inappropriate access to records by staff members. People were sacked for accessing records they shouldn't.
Can't give details for obvious reasons.
I worked for the NHS for some years and yes, there were safeguards in place for regular people's clinical records.
Not going to say what they were, but they got improved on as tech improved: We took our duty to protect patient data seriously.
The Information Commissioner's Office, the local data protection regulator, confirmed to The Register in a statement: "We can confirm that we have received a breach report and are assessing the information provided."
Is this really a breach? Everything I've read said that the staff member tried to access the records and nothing suggests they were successful. It appears that the clinic has the systems in place to prevent unauthorised access to records which is a good thing.
Let me introduce you to the PNC. Very rare they get caught.
I get what you are saying but that would be complicated to implement and would have to have to have been a consideration when designing the system, More likely in the case of high priority patients any access or potential access is logged and flagged. I would guess it's also a different set of groups and permissions so when this person tried they were not able to and got flagged.
Sounds to me like someone who doesn't have access permission tried to login to a PC or app with their credentials and it automatically sent an alert to whoever deals with such things as well as popping up "Access Denied".
I might also speculate that it was some menial member of staff enticed by a promised wad of cash from our typical media scum.
It seems whatever the clinic has in place it's doing it right. But that's not surprising given their need for reputation and their high-profile client base.
I might also speculate that it was some menial member of staff enticed by a promised wad of cash from our typical media scum.
Evil Maid would be an obvious go to - an agency cleaner who has been told "If you get a chance at an unattended Nurses Station, have a look".
That being said, even senior bods can be f-ing idiots sometimes and let their curiosity get the better of them. It's not just probationary Police Officers who get nailed for looking up their ex's new boyfriend in PNC. It's senior ranks who should know better but think they've reached a point where "rank-and-file" rules somehow don't apply to them. I wonder if any consultants have updated their CV recently?
> Would the logs have been audited for a Normy being treated?
In ancient history, I temped in a Medical Records "Library" in a bog-standard NHS hospital, it was basically a warehouse with a a *lot* of paper files and microfilm. There were a few folders belonging to famous people[0] that were locked in the supervisors' office to prevent naughty staff taking a peak. Although, a search for a "Normy"'s folder's location would have been logged, there was nothing to stop you having a look.[1]
[0] Famous people included the local football team and a famous criminal beloved of the British tabloids
[1] By pure chance I did have to deal with a couple of sets of notes from people I knew, I was tempted, but just put them on the shelf as I did for the strangers' records
Is this really a breach? Everything I've read said that the staff member tried to access the records and nothing suggests they were successful. It appears that the clinic has the systems in place to prevent unauthorised access to records which is a good thing.
It looks like my praise might have been a bit hasty, they're being investigated for not reporting the breach quickly enough
Is this really a breach?
In GDPR terms - yes. The attempt to access information that you are not authorised to (even if unsuccessful) is one of the (many) things defined as a breach. Even when unsuccessful, the hospital is still required to take it seriously (although, if their systems prevented the breach they'll get a pat on the back)
I worked for a competitor bank and everything was audited, so if an investigation took place, they could see who (or more accurately, what logged-in staff member - if someone left their system without locking it...) searched, when it was searched and exactly what was searched. And, yes, for certain high profile accounts, it was a sackable offence (this was the early 1990s, so not even a faint smell of GDPR).
Yet the princess's prolonged absence from public life since has led to all sorts of rumor and speculation about the true state of her health. Fears - among some - were stoked further when she released a digitally doctored photo of her with her children on Mothering Sunday.
The fact that tabloids whipped themselves up into a frothing fit about something, doesn't make it notable/newsworthy. The "doctored" photo in question was a matter of minor touch-ups, not pasting Kate's face on someone else's body... a minor faux pas that gave the tabloids an opportunity to scream a bit longer about their self-invented non-story. Lots of smoke, but no fire.
"The "doctored" photo in question was a matter of minor touch-ups"
I have long considered that my not being a UK citizen gives me the opportunity to gladly not know anything about the royal family, including at times who is related to whom. Still, I have heard more about this photo than I'd like to and you are understating the degree of editing involved. A post by a person who enjoys analyzing photos, not someone who tracks the royal family, notes many edits involving all the people depicted and many parts of them. This isn't a minor edit for some aesthetic purpose. What actually was intended is something I don't have to care about, but understating it as "minor touch-ups" is no better than overstating it as "definitely indicates that she died in February" or any other unproven nonsense someone might be trying.
One of the questions I have around this topic - which isn't mentioned by the author - is the increasing prevalence of computational photography. The photo was undoubtedly touched by Photoshop, but then they highlight a bit around Louis' thumb where apparently two frames haven't blended together quite right. This is exactly the sort of artifact we're getting from camera phones stacking multiple exposures in the background - not as an HDR function, but just because that's the way they work these days. It was most recently highlighted with a bride-to-be's startling photo of mirrors showing her in a number of poses.
For users looking to improve an image, Google are even advertising "Best Take" as a feature of the Pixel 8.
And then there was the Samsung S23 Ultra "AI" which "improved" a blurry image of the moon by simply subbing in a better image from the internet...
I wonder how long it will be before news agencies are forced to start refusing images that have come off phones (even for breaking news), because they simply can't trust that the imaging pipeline hasn't compromised the image - even where there exists perfect good faith and there's no deliberate tampering by the user.
"It hasn't been brought up because it's not the cause."
My theory on that is, in someone's mind, saying someone has photoshopped something was much easier than trying to explain a relatively new feature on Apple phones and bringing AI into the equation. I'm really trying not to do a conspiracy thing here but you are just accepting what you are being told and what she has 'admitted' to doing via her PR in a press release. The truth is probably as mundane as the Apple feature.
"saying someone has photoshopped something was much easier than trying to explain a relatively new feature on Apple phones and bringing AI into the equation."
However, the metadata indicates that Photoshop, that specific product, was used to edit it and iPhones were not. This gives us two options:
1. It is what you say, but someone removed anything indicating that an iPhone was involved at all in the image taking process and substituted some mangled data pointing to a standalone camera and Photoshop just to mess with us.
2. It wasn't an iPhone, so it wasn't iPhone AI. Something else did it.
Which seems more likely to you?
"BBC Verify found that the portrait was taken with a Canon camera, and that it was subsequently saved twice in Adobe Photoshop on an Apple Mac computer. The first version was saved on March 8 at 21:54 GMT (or 5:54 p.m. ET), and the second version was saved the following day at 9:39 GMT (or 5:39 a.m. ET)."
https://www.harpersbazaar.com/celebrity/latest/a60177778/kate-middleton-family-photo-edit-metadata/
Apart from anything else, the Princess of Wales needs to learn to save her work more regularly.
Or more likely she demands the scummier parts of the media are given a horse drawn trip to Tyburn, where they are chopped into bits , boiled in oil and their heads placed upon a figgin.
And hopefully no one notices when we throw a number of politicians in for good measure ...
First, did the patient not take her husband's surname when they married? Or does the English press consider that William should have followed old precedent and married a Battenberg or Hohenzollern, that KM's status is morganatic, and that one must constantly keep that in view?
Second, the newspapers I read did mention this matter in passing. The amount of space allocated has been much less than they give to the NCAA basketball tournament or MLB spring training.
This post has been deleted by its author
Seems a bit rich a tabloid protesting about someone trying to access celebrity personal information but of course it could be the person had qualms / cold feet and refused to get / hand over the information to the mirror and they want revenge. My cynicism is running a high today.
There's a balance to be struck between restricting access and not delaying medically-necessary access to records. For example, if I'm in hospital and transferred from one ward to another I want the staff in the new ward to have access to my records immediately, not after some random delay while they wait for IT to set the permissions properly. I'd be happy with fairly open access and a periodic audit to check that everyone who's accessed the records is someone that I was in the care of. Obviously there are people and circumstances for which much tighter controls on access are needed.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
