The Times Australia
The Times World News

.

Attempts to access Kate Middleton’s medical records are no surprise. Such breaches are all too common

  • Written by Bruce Baer Arnold, Associate Professor, School of Law, University of Canberra

The alleged[1] data breach involving Catherine, Princess of Wales tells us something about health privacy. If hospital staff can apparently access a future queen’s medical records without authorisation, it can happen to you.

Indeed it may have already happened to you, given many breaches of health data go under the radar.

Here’s why breaches of health data keep on happening.

Read more: Yes, Kate Middleton's photo was doctored. But so are a lot of images we see today[2]

What did we learn this week?

Details of the alleged data breaches, by up to three staff[3] at The London Clinic, emerged in the UK media this week. These breaches are alleged to have occurred after the princess had abdominal surgery at the private hospital earlier this year.

The UK Information Commissioner’s Office is investigating[4]. Its report should provide some clarity about what medical data was improperly accessed, in what form and by whom. But it is unlikely to identify whether this data was given to a third party, such as a media organisation.

Read more: After the Medicare breach, we should be cautious about moving our health records online[5]

Health data isn’t always as secure as we’d hope

Medical records are inherently sensitive, providing insights about individuals and often about biological relatives.

In an ideal world, only the “right people” would have access to these records. These are people who “need to know” that information and are aware of the responsibility of accessing it.

Best practice digital health systems typically try to restrict overall access to databases through hack-resistant firewalls. They also try to limit access to specific types of data through grades of access.

This means a hospital accountant, nurse or cleaner does not get to see everything. Such systems also incorporate blocks or alarms where there is potential abuse, such as unauthorised copying.

But in practice each health records ecosystem – in GP and specialist suites, pathology labs, research labs, hospitals – is less robust, often with fewer safeguards and weaker supervision.

Read more: Vaccination status – when your medical information is private and when it's not[6]

This has happened before

Large health-care providers and insurers, including major hospitals or chains of hospitals, have a worrying[7] history[8] of digital breaches[9].

Those breaches include hackers accessing the records of millions of people. The Medibank[10] data breach involved more than ten million people. The Anthem[11] data breach in the United States involved more than 78 million people.

Hospitals and clinics have also had breaches specific to a particular individual. Many of those breaches involved unauthorised sighting (and often copying) of hardcopy or digital files, for example by nurses, clinicians and administrative staff.

For instance, this has happened to public figures such as singer[12] Britney Spears[13], actor George Clooney[14] and former United Kingdom prime minister Gordon Brown[15].

Britney Spears
Britney Spears’ medical records were also the subject of a data breach. Nina Prommer/EPA/AAP

Indeed, the Princess of Wales has had her medical privacy breached before, in 2012, while in hospital pregnant with her first child. This was no high-tech hacking of health data.

Hoax callers from an Australian radio station tricked[16] hospital staff into divulging details over the phone of the then Duchess of Cambridge’s health care.

Read more: Did 2Day FM break the law? And does it matter?[17]

Tip of the iceberg

Some unauthorised access to medical information goes undetected or is indeed undetectable unless there is an employment dispute or media involvement. Some is identified by colleagues.

Records about your health might have been improperly sighted by someone in the health system. But you are rarely in a position to evaluate the data management of a clinic, hospital, health department or pathology lab.

So we have to trust people do the right thing.

Read more: What is HIPAA? 5 questions answered about the medical privacy law that protects Trump's test results and yours[18]

How could we improve things?

Health professions have long emphasised the need to protect these records. For instance, medical ethics bodies condemn[19] medical students who share[20] intimate or otherwise inappropriate images of patients.

Different countries have various approaches to protecting who has access to medical records and under what circumstances.

In Australia, for instance, we have a mix of complex and inconsistent laws that vary across jurisdictions, some covering privacy in general, others specific to health data. There isn’t one comprehensive law and set of standards vigorously administered[21] by one well-resourced watchdog.

In Australia, it’s mandatory to report data breaches[22], including breaches of health data. This reporting system is currently being updated[23]. But this won’t necessarily prevent data breaches.

Read more: Government's privacy review has some strong recommendations – now we really need action[24]

Instead, we need to incentivise Australian organisations to improve how they handle sensitive health data.

The best policy nudges[25] involve increasing penalties for breaches. This is so organisations act as responsible custodians rather than negligent owners of health data.

We also need to step-up enforcement of data breaches and make it easier for victims to sue for breaches of privacy – princesses and tradies alike.

Read more: Where’s Kate? Speculation about the 'missing' princess is proof the Palace’s media playbook needs a re-write[26]

References

  1. ^ alleged (www.abc.net.au)
  2. ^ Yes, Kate Middleton's photo was doctored. But so are a lot of images we see today (theconversation.com)
  3. ^ up to three staff (www.mirror.co.uk)
  4. ^ is investigating (ico.org.uk)
  5. ^ After the Medicare breach, we should be cautious about moving our health records online (theconversation.com)
  6. ^ Vaccination status – when your medical information is private and when it's not (theconversation.com)
  7. ^ worrying (www.theguardian.com)
  8. ^ history (www.afr.com)
  9. ^ digital breaches (www.innovationaus.com)
  10. ^ Medibank (www.theguardian.com)
  11. ^ Anthem (www.hipaajournal.com)
  12. ^ singer (www.latimes.com)
  13. ^ Britney Spears (journals.lww.com)
  14. ^ George Clooney (www.nytimes.com)
  15. ^ Gordon Brown (www.theguardian.com)
  16. ^ tricked (theconversation.com)
  17. ^ Did 2Day FM break the law? And does it matter? (theconversation.com)
  18. ^ What is HIPAA? 5 questions answered about the medical privacy law that protects Trump's test results and yours (theconversation.com)
  19. ^ condemn (www.bmj.com)
  20. ^ share (www.abc.net.au)
  21. ^ vigorously administered (theconversation.com)
  22. ^ data breaches (www.oaic.gov.au)
  23. ^ being updated (theconversation.com)
  24. ^ Government's privacy review has some strong recommendations – now we really need action (theconversation.com)
  25. ^ nudges (onlinelibrary.wiley.com)
  26. ^ Where’s Kate? Speculation about the 'missing' princess is proof the Palace’s media playbook needs a re-write (theconversation.com)

Read more https://theconversation.com/attempts-to-access-kate-middletons-medical-records-are-no-surprise-such-breaches-are-all-too-common-226303

Times Magazine

Headless CMS in Digital Twins and 3D Product Experiences

Image by freepik As the metaverse becomes more advanced and accessible, it's clear that multiple sectors will use digital twins and 3D product experiences to visualize, connect, and streamline efforts better. A digital twin is a virtual replica of ...

The Decline of Hyper-Casual: How Mid-Core Mobile Games Took Over in 2025

In recent years, the mobile gaming landscape has undergone a significant transformation, with mid-core mobile games emerging as the dominant force in app stores by 2025. This shift is underpinned by changing user habits and evolving monetization tr...

Understanding ITIL 4 and PRINCE2 Project Management Synergy

Key Highlights ITIL 4 focuses on IT service management, emphasising continual improvement and value creation through modern digital transformation approaches. PRINCE2 project management supports systematic planning and execution of projects wit...

What AI Adoption Means for the Future of Workplace Risk Management

Image by freepik As industrial operations become more complex and fast-paced, the risks faced by workers and employers alike continue to grow. Traditional safety models—reliant on manual oversight, reactive investigations, and standardised checklist...

From Beach Bops to Alpine Anthems: Your Sonos Survival Guide for a Long Weekend Escape

Alright, fellow adventurers and relaxation enthusiasts! So, you've packed your bags, charged your devices, and mentally prepared for that glorious King's Birthday long weekend. But hold on, are you really ready? Because a true long weekend warrior kn...

Effective Commercial Pest Control Solutions for a Safer Workplace

Keeping a workplace clean, safe, and free from pests is essential for maintaining productivity, protecting employee health, and upholding a company's reputation. Pests pose health risks, can cause structural damage, and can lead to serious legal an...

The Times Features

Distressed by all the bad news? Here’s how to stay informed but still look after yourself

If you’re feeling like the news is particularly bad at the moment, you’re not alone. But many of us can’t look away – and don’t want to. Engaging with news can help us make ...

The Role of Your GP in Creating a Chronic Disease Management Plan That Works

Living with a long-term condition, whether that is diabetes, asthma, arthritis or heart disease, means making hundreds of small decisions every day. You plan your diet against m...

Troubleshooting Flickering Lights: A Comprehensive Guide for Homeowners

Image by rawpixel.com on Freepik Effectively addressing flickering lights in your home is more than just a matter of convenience; it's a pivotal aspect of both home safety and en...

My shins hurt after running. Could it be shin splints?

If you’ve started running for the first time, started again after a break, or your workout is more intense, you might have felt it. A dull, nagging ache down your shins after...

Metal Roof Replacement Cost Per Square Metre in 2025: A Comprehensive Guide for Australian Homeowners

In recent years, the trend of installing metal roofs has surged across Australia. With their reputation for being both robust and visually appealing, it's easy to understand thei...

Why You’re Always Adjusting Your Bra — and What to Do Instead

Image by freepik It starts with a gentle tug, then a subtle shift, and before you know it, you're adjusting your bra again — in the middle of work, at dinner, even on the couch. I...