An investigation has been launched into claims that ambulance staff inappropriately accessed the medical records of a teenage survivor of the Southport attack. The girl's father has expressed disgust, accusing staff of seeking to 'satisfy their own morbid curiosity' rather than checking on her condition.
Details of the Breach
The incident occurred two years ago, after the 13-year-old girl was stabbed multiple times during the attack on July 29, 2024, suffering a punctured lung, a serious stab wound to her arm, and a fractured spine. She was initially rushed to Alder Hey Children's Hospital by ambulance before being diverted to Aintree University Hospital for emergency treatment and surgery. The family has now learned that ambulance staff may have accessed her records, just two months after being told that staff at University Hospital Liverpool Group had viewed her medical records.
According to Fletchers Solicitors, which represents 22 of the 23 girls who survived the attack, a document provided to the family states: 'There are under 10 individuals who may have inappropriately accessed the incident in the ambulance service.' The document adds that the North West Ambulance Service (NWAS) is 'not formally disciplining' staff but has 'strengthened their HR process for future incidents'.
Official Response
Salman Desai, chief executive of NWAS, said: 'We have identified concerns about potential inappropriate access to patient records and are formally investigating the matter. We will contact families and patients who may have been affected as our enquiries progress. Any inappropriate access to patient information will be treated extremely seriously. We are deeply sorry for the concern and distress this may cause.'
The ECHO understands that NWAS has notified the Information Commissioner's Office (ICO) about the breach.
Family's Reaction
The girl's father said: 'It is a complete breach of trust in our darkest hours as a family and dampens how you feel about the amazing work they do to save lives. It was already incredibly difficult to think that staff at Aintree hospital had needlessly pried into our daughter’s condition, but to then learn that ambulance staff have done the same and we have only found out by raking through these documents is appalling. They weren’t checking on her condition, they just wanted to satisfy their own morbid curiosity.'
He added: 'The Trusts are still unable to tell us with certainty whether photographs of our daughter’s injuries were viewed by staff, so we don’t know what to believe. The decision to share what happened to her should have been our daughter’s to make, now nobody can guarantee what data was shared and retained. They’ve had multiple chances to tell us about this but instead we have been left to discover it all two years later, when we should be focusing on recovering and moving forward.'
Broader Concerns
The father previously explained how the initial records breach affected his family, saying: 'It was about 36 hours until it was out in the headlines. With the anonymity, it's protecting the girls and the families, but on the flip side, because of that and the data breach, we're in the situation where we don't know what information people have, not just the press but private individuals who accessed her records. The eldest is now worried that she's going to wake up on her 18th birthday and all of her injuries are going to be out there in the press. That's her story to tell if she chooses to do so. She's now struggling with this. We wouldn't have found this out if it wasn't for the press. They weren't going to tell us but they felt they had to when a journalist asked them about it.'
Calls have been made for the government to take action to prevent such breaches in the future. Nicola Ryan-Donnelly, associate solicitor at Fletchers Solicitors, said: 'The recent string of patient data breaches has shown there is a deep-rooted culture of snooping within the NHS. People who are seriously injured or dying should not have the added worry that they are being pried on, as they are rushed into hospital fighting for their lives. We want to see a full review by NHS England of the current policy governing all NHS staff on inappropriate patient data breaches.'
She added: 'As the Hillsborough Law Bill is set to be approved this week, public bodies like the NHS now have a legal duty of candour to disclose these breaches to patients. But at present patient protections appear dangerously patchy, with NHS Trusts seemingly free to enforce the rules how they see fit for their area alone. NHS staff who accessed the records of the Nottingham attack victims were dismissed from their roles; but only after an inquiry and public outrage scrutinised the actions of Trust bosses. At Aintree Hospital, only five members of staff were given a final written warning after accessing the records of a young girl stabbed multiple times in the Southport attack. Because of their delays in telling the victims of the breach, several staff members had moved on from their job before they were ever sanctioned. This is not good enough. The behaviour by these NHS workers is staggering and deserves more than a slap on the wrist.'
Ryan-Donnelly also warned about the proposed Single Patient Record, saying: 'In the coming years the Government wants to introduce the Single Patient Record, but in light of recent events, we fear this could open the floodgates to give any NHS worker anywhere access to pry on victims of serious incidents. We need clear assurances that the Government will properly protect patients by introducing robust mechanisms so that only clinicians with a legitimate reason for accessing a patient record can do so. The system can no longer be a free-for-all without any serious sanctions to deter NHS staff from snooping.'



