A former healthcare worker at the London Clinic has been cautioned by the Information Commissioner’s Office (ICO) over the deliberate misuse of the Princess of Wales’s private medical records and offering to disclose them for financial gain.
Incident Details
The hospital worker was employed at the clinic where Kate Middleton had abdominal surgery. The employee has been struck off and sacked from their job following an investigation into claims that medical records had allegedly been accessed by staff in 2024.
The ICO began a criminal investigation in March 2024 into the unlawful obtaining and disclosure of medical information to a third party without the consent of the data controller, after the London Clinic reported a breach.
At the time it was reported that at least one member of staff tried to access the Kate’s notes while she was a patient at the private hospital in central London in January.
ICO Statement
The ICO said on Wednesday: “Following a full assessment under the Code for Crown Prosecutors and the ICO’s Prosecution Policy, the ICO issued a now former healthcare professional from London with a formal caution in relation to an offence under section 170(5) of the Data Protection Act 2018.
“The conduct involved the deliberate misuse of highly sensitive personal information and an offer to disclose it for financial gain, representing a clear breach of trust.”
The ICO said a caution was “the appropriate and proportionate enforcement response”.
It added: “We also considered whether there were any wider organisational issues arising from the healthcare provision in this matter. Based on the evidence available, we did not identify any failings that would meet the threshold for regulatory enforcement.”
Executive Comments
Ian Hulme, executive director for regulatory supervision, said: “People should be able to trust that the personal information they’re giving to healthcare settings is safe and protected from exploitation. When this trust is broken, it’s right that the law allows us to take action.
“We will not hesitate to pursue criminal prosecution where it is necessary and proportionate to do so.”
Hospital Response
A London Clinic spokesperson said: “We all take considerable pride in delivering the very highest standards of care and discretion for every patient at The London Clinic. We are pleased our work with the ICO has brought this sad and isolated incident to a conclusion. There were no regulatory breaches by the hospital.”
Speaking to the Mirror, a source said: “This has been a complex and delicate matter involving a senior member of the royal family and one of the world’s most trusted hospitals. There has been great anxiousness on all sides and it has been wholly appropriate that the correct procedures during the investigation have been followed.”
