NHS England issues new guidance preventing unlawful access to patient records
Published: 08/07/2026
| NHS England
NHS England (NHSE) has published new guidance aimed at preventing unlawful access to patient records. In an open letter to staff, NHSE chief executive Sir Jim Mackey stressed that patients rightly expect their information to be kept secure, and that recent reports of unauthorised access are highly concerning.
While some individuals view accessing patient histories out of personal or benign curiosity as harmless, Mackay warns that doing so is illegal, damages public trust, and risks undermining long-term data initiatives such as the Single Patient Record. He goes on to say that the small minority of staff who misuse data are placing their careers in jeopardy, face potential disciplinary action, dismissal, referral to the Information Commissioner's Office (ICO), and even criminal prosecution.
The new guidance includes instructions for staff, separate advice for patients, and comprehensive guidance for information governance (IG) professionals. Trust boards are urged to revisit staff education and implement a zero-tolerance response to breaches.
Training announcement: Freevacy provides comprehensive training for new and existing practitioners on the changes introduced by the DUA Act to the UK General Data Protection Regulation (GDPR), the Data Protection Act 2018 (DPA18), and the Privacy and Electronic Communications Regulations 2003 (PEC-Regulations). Our courses are always up to date and provide a forum for learning and discussing how to ensure your data protection processes remain compliant. Find out more.
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 3,250 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.