In 2010 I was dismissed from Walsall Healthcare NHS Trust after I raised serious concerns about patient care in the paediatric department. I was found guilty of Gross Misconduct and Insubordination by an internal disciplinary panel. I appealed against my dismissal. On 24 January 2011 the paediatric clinical director Dr Nadeem Moghal wrote giving me permission to access my hospital computer to prepare for my appeal. He insisted that I be supervised because of the sensitivity of the data on the computer. I used my computer on 11 February 2011 to access files for my appeal. I was supervised by Mr Paul Davies a senior IT officer. I told him that I would be taking the Trust to an employment tribunal and asked what provision would be made to secure the hard drive. He told me it would be mothballed in a secure place. I did not give it another thought.
By August 2011 I was preparing for the employment tribunal and contacted the trust solicitor to gain access to my computer once more to help prepare my case. “The Trust has checked the repair department but has not able to find the hard drive. This means that we are not able to give you access to the PC” was the emailed response. I was represented at that time by a BMA solicitor. Her advice was that there was nothing to be done. Shortly after that I parted company with BMA legal advice when I was asked to accept an out of court settlement and sign a gag.
I prepared my case without being able to review all the documentation on my computer.
My case ran at Birmingham employment tribunal in April 2012. Six months later in November,after a conversation with a data protection specialist, I became concerned as to what had become of my computer. If it was lost a large quantity of confidential patient data was potentially on the loose. I described this data as follows in my letter of 29 November 2012 to the Walsall Healthcare NHS Trust’s CEO, Mr Richard Kirby:
“My computer hard-drive held large quantities of confidential and highly sensitive patient information. This included more than 6,000 emails and a large number of letters and reports, many containing patient information involving cases of physical and sexual abuse. In addition up to or more than 1000 digital images were stored on the hard drive. Since I often did my own clinical photography, including child abuse work, many images would have been of that nature. These included images of children with suspected and actual physical and sexual abuse and children with disfiguring medical conditions. Some of these would have been identifiable by the file names.”
I then stated my on-going ethical obligation:
“Although I no longer work for the Trust I have, under GMC guidance, a continuing duty of care to my patients and their families. I gave all families specific undertakings about the security of the digital images in particular. All other records are covered by an understanding implicit in the doctor-patient relationship. All these records were kept on a password protected computer in a secure office.”
The CEO replied on 21 December to report that the, “Trust solicitor does not think that the hard drive was ever lost.” He claimed that the hard drive had been destroyed because it was broken. He could provide no specific evidence of the secure disposal of the hard-drive I had reported. It is hard to know what is meant by Richard Kirbys’s account. Most of the data on a broken hard-drive can be extracted by an IT technician. Of which the trust has many.
My last word to Richard Kirby was as follows
“Just as serious for me now is the Trust’s admission that it has destroyed my hard drive, knowing that it contained information which was potentially evidential not just in my employment case against the Trust but in future quasi-judicial processes and other investigations.
A parliamentary investigation into the mistreatment of NHS whistleblowers is now I believe inevitable post-Francis. See my letter in the Sunday Telegraph:
I hope that one of the issues such an inquiry will look at is the numerous ways in which Trusts attempt to disadvantage whistleblowers, including interference with their computers. On this specific matter I propose therefore to take no further action other than to make the following statement for future reference:
“Walsall Healthcare NHS Trust, following my dismissal, claims to have destroyed the computer I used when I was employed there as a consultant paediatrician. This was done despite one of its officers, Mr Paul Davies, having assured me that the hard drive would be kept in secure storage and despite my several written requests that I be given further access to it prior to its destruction.”
Can anyone smell dead fish?
I am not the only whistleblower to have had his computer interfered with. Professor Narinder Kapur was head of Neuropsychology at Addenbrookes. He had an exemplary record until he raised concerns about unqualified staff treating patients. He was also dismissed in December 2010. He won his case for unfair dismissal. The Tribunal made 18 specific criticisms of the Trust. One involved his computer. Documents disclosed to the Tribunal (the people pursuing whistleblowers are bad but sometimes not very bright) showed that IT staff at Addenbrookes under management instruction accessed his computer and cloned it. The Tribunal judged this behaviour to be “entirely contemptible”. There are other stories which I will save for another time.
So, what to do? Last week I made a formal complaint to the Information Commissioners Office about Walsall Healthcare’s actions. The ICO has increasingly taken an unsympathetic view of data breaches, The NMC recently lost CDs with child data on them and was fined £50,000. The record fine for an NHS Trust I have seen was for £350,000. I love Walsall and its people. I would not want a penny to be taken out of the local health economy. But when serious wrong has been done by a public body and an individual citizen cannot get at the truth what does he or she do? I will post the ICO’s response when I get it.