Cambridge University Hospitals (CUH) has launched an investigation after approximately 40 members of staff accessed the medical records of a three-year-old boy who was seriously injured in a crocodile enclosure at a zoo. The hospital trust has self-referred the incident to the Information Commissioner's Office (ICO) to determine whether all workers had a legitimate clinical or operational reason for viewing the boy's information.
The toddler, from Cambridgeshire, remains in a stable condition at Addenbrooke's Hospital in Cambridge, which is run by CUH. He was admitted last Thursday following the incident at Johnsons of Old Hurst zoo in Huntingdon, where he sustained serious injuries after ending up in the crocodile enclosure.
Police Investigation and Arrest
Cambridgeshire police were called to the zoo at 1.24pm on Thursday by the ambulance service. A 30-year-old man from Norfolk was arrested on suspicion of attempted murder and later bailed after being assessed as not fit for interview. The suspect reportedly has learning difficulties and was on a trip with carers at the time of the incident.
Police confirmed on Monday that the boy was no longer in a critical condition but remained stable in hospital. It is understood that he was attacked by at least one crocodile after allegedly being thrown into the enclosure. Zoo staff pulled the child out of the water, and Tracey Johnson, wife of the zoo owner, reportedly jumped into the enclosure to rescue him.
Hospital Response and Data Breach
A CUH spokesperson stated: “We have strict policies in place to safeguard patient data and we take any breach extremely seriously. We know the vast majority of our 13,000 staff understand the fundamental importance of maintaining patient confidentiality and uphold the highest professional standards. Where any member of staff is found to have accessed patient records without legitimate clinical or operational reasons we take robust disciplinary action, including dismissal. As part of our response to any breach, we notify both the ICO and apologise to patients and their families affected.”
The hospital trust is now investigating whether all 40 staff members who accessed the records had a valid reason. The ICO has been notified and will assess whether any further regulatory action is required.
Broader Context
This incident comes shortly after a former healthcare worker was cautioned by the ICO for attempting to obtain and sell the medical records of the Princess of Wales, highlighting ongoing concerns over patient data security in the UK healthcare system.
