Princess of Wales’ medical records accessed for financial gain; Ex-London clinic worker cautioned

A former healthcare worker at the London Clinic has been formally cautioned for illegally accessing the medical records of Catherine, Princess of Wales, during her treatment at the private London hospital in 2024.The Information Commissioner's Office (ICO) confirmed that it had concluded a criminal investigation into the misuse of Kate's confidential health information after the clinic reported a data breach. The watchdog said the employee deliberately accessed highly sensitive personal data and offered to disclose the information to a third party for financial gain, Daily mail reported.The investigation began in March 2024 following reports that a member of staff had attempted to view the Princess of Wales's medical records while she was receiving treatment at the central London hospital.

Kate, 44, underwent abdominal surgery at the London Clinic in January 2024 before later revealing in a video message that she had been diagnosed with cancer.According to the ICO, the former healthcare professional, who has not been publicly identified, was issued with a formal caution under Section 170(5) of the Data Protection Act 2018. The regulator described the incident as a serious breach of trust involving the deliberate misuse of personal information.

The ICO said it carried out a full assessment under the Code for Crown Prosecutors and its own prosecution policy before deciding that a caution was the most appropriate and proportionate enforcement response in the case.As part of its investigation, the regulator also examined whether the incident pointed to broader failings within the London Clinic's handling of patient information. However, it concluded that the available evidence did not reveal any organisational shortcomings that would justify regulatory action against the hospital.Ian Hulme, the ICO's Executive Director for Regulatory Supervision, said: "People should be able to trust that organisations will protect their personal information. This breach involved the deliberate misuse of highly sensitive personal data and was a clear violation of that trust."We will continue to take action against individuals who unlawfully access or disclose personal information, and we will not hesitate to pursue criminal enforcement where it is necessary and proportionate to do so."The London Clinic welcomed the conclusion of the investigation, describing the case as an isolated incident. A spokesperson for the hospital said: "We are pleased that the ICO has concluded its investigation and confirmed that there was no evidence of systemic failings or regulatory breaches by the London Clinic."We remain fully committed to maintaining the highest standards of patient care, confidentiality and data protection.

This was an isolated incident, and we continue to take our responsibilities to safeguard patient information extremely seriously."Under the Data Protection Act 2018, it is a criminal offence to obtain, disclose or retain personal data without the consent of the data controller. The ICO has powers to investigate suspected breaches and bring criminal proceedings against individuals where offences are believed to have been committed.