Probe into claims Southport victims' NHS records accessed

News imagePA Media Bunches of flowers and teddies lined up against a wall next to a road sign reading Tithebarn Road.PA Media
The victims were all injured at a children's dance class in Southport's Hart Street in July 2024

An NHS ambulance trust is investigating accusations that staff inappropriately accessed the records of victims of the Southport attack.

The father of one of the young girls seriously injured in the July 2024 attack said he was "appalled" at the possibility and accused staff at North West Ambulance Service (NWAS) of wanting to "satisfy their own morbid curiosity".

It comes after it emerged in May that dozens of workers at Aintree Hospital, where some of the injured were treated, had looked at the records with no good reason.

NWAS chief executive Salman Desai said: "We have identified concerns about potential inappropriate access to patient records and are formally investigating the matter."

Three young girls - Alice da Silva Aguiar, Bebe King, and Elsie Dot Stancombe - were murdered in the attack, while 10 others were physically injured.

The father of a girl who was 13 when she was injured but survived the attack said: "It is a complete breach of trust in our darkest hours as a family and dampens how you feel about the amazing work they do to save lives.

"It was already incredibly difficult to think that staff at Aintree hospital had needlessly pried into our daughter's condition."

The man cannot be identified due to an anonymity order protecting his daughter, who had been helping to supervise the dance class before she was stabbed in the back and arm.

Solicitors acting for the girl and for another 21 of the 23 girls who survived the attack are calling for a full-scale review by NHS England into the guidance and disciplinary procedures for staff who inappropriately access patient data.

The calls come after another trust, NHS University Hospitals of Liverpool Group (UHLG), admitted in May that nearly 50 staff members at Aintree Hospital had looked inappropriately at the medical records of some of the injured victims in the days after the attack.

Fletchers Solicitors, which is already investigating this breach, said the family were reviewing documents given to them by UHLG about the breaches at Aintree, when they saw information that said staff from North West Ambulance Service might have also accessed their daughter's records without cause.

'Multiple chances'

They said a document stated that under 10 individuals might have inappropriately accessed the incident within the ambulance service.

The father explained that after learning about the Aintree incident, "to then learn that ambulance staff have done the same and we have only found out by raking through these documents is appalling".

He said the NHS trusts were still unable to tell them with certainty whether photographs of their daughter's injuries were viewed by staff and "so we don't know what to believe".

"The decision to share what happened to her should have been our daughter's to make, now nobody can guarantee what data was shared and retained," he added.

"They've had multiple chances to tell us about this but instead we have been left to discover it all two years later, when we should be focusing on recovering and moving forward."

The solicitors firm added that the ambulance trust was "not formally disciplining" staff but had "strengthened their HR process for future incidents".

News imageLeanne Lucas, who has long wavy dark hair, and is wearing a white t-shirt with a circular logo with the catchphrase 'Let's Be Blunt' on the front. She is standing in a kitchen looking into the camera with a determined expression.
Leanne Lucas was critically injured and required multiple surgeries after the attack

Leanne Lucas, who was the instructor at the Taylor Swift-themed dance event where the attack took place, and is one of the three adult survivors, said she was "devastated and horrified" by the latest potential data breach.

"Life has never been the same since 29 July 2024, and so many people are still living with the trauma of that day," she said.

"To now learn of another potential data breach is deeply upsetting, particularly after staff at NHS University Hospitals of Liverpool wrongly accessed my medical records. It feels like insult added to injury."

She said she was now waiting to hear from the ambulance trust as to whether her records were accessed by staff there.

"Whatever the outcome, I hope there is a thorough investigation, full transparency for everyone affected, and robust measures put in place to ensure this can never happen again," she added.

'Culture of snooping'

Nicola Ryan-Donnelly, associate solicitor at Fletchers Solicitors, said: "The recent string of patient data breaches has shown there is a deep-rooted culture of snooping within the NHS.

"People who are seriously injured or dying should not have the added worry that they are being pried on, as they are rushed into hospital fighting for their lives.

"We want to see a full review by NHS England of the current policy governing all NHS staff on inappropriate patient data breaches."

Desai added: "We will contact families and patients who may have been affected as our enquiries progress.

"Any inappropriate access to patient information will be treated extremely seriously. We are deeply sorry for the concern and distress this may cause."

NWAS has notified the Information Commissioner's Office (ICO).

UHLG, which runs Aintree Hospital, has previously said the breach there was "inexcusable" and changes had been made - although no-one was sacked.

An ICO spokesperson said NWAS had made them aware of their internal investigation into the potential inappropriate access of medical records by staff.

"As this is ongoing, we will assess any evidence provided in due course and consider our next steps, including whether any criminal investigations need to be opened for breaking data protection law," they said.

They added the ICO was supporting organisations to address the wider issue of data breaches across the health sector, working closely with the National Data Guardian and NHS England.

There have been a string of cases of NHS staff looking at medical records without reason in recent months.

In June, Cambridge University Hospitals said it was investigating after the medical records of a three-year-old boy hurt in a crocodile pit were accessed by around 40 members of hospital staff.

And in May, Nottingham University Hospitals NHS Trust said 11 members of staff had been dismissed and a further 14 have had actions taken against them for inappropriately accessing medical records of the Nottingham stabbing victims.

Listen to the best of BBC Radio Merseyside on Sounds and follow BBC Merseyside on Facebook, X, and Instagram. You can also send story ideas via Whatsapp to 0808 100 2230.