Minerva Studio - stock.adobe.com

Whistleblower Peter Duffy calls for oversight of NHS records to prevent evidence tampering

A whistleblower has called for greater oversight in the handling of ‘safety-critical digital information’ across the NHS, in light of a number of cases that raise questions about data governance and record-keeping within the health service

Peter Duffy warned that there is a growing risk of electronic patient records and NHS staff communications being exposed to tampering efforts in disputes with managers and executives, citing alleged email falsification that has formed part of a long-running dispute with his ex-employer, the University Hospitals of Morecambe Bay NHS Trust (UHMBT).

The surgeon, who now practices on the Isle of Man, told audiences of approximately 650 and more than 200, respectively, that “there is increasing potential for electronic tampering” of NHS IT records, holding serious implications for patient safety reporting and disputes with government and health service bodies.

He made the comments during talks given over the past month – to the Association for Perioperative Practice (AfPP) on 10 September 2022 and at the Royal College of Surgeons Ireland (RCSI) in Dublin on 23 September 2022.

The consultant medic, who says he was driven out of UHMBT in 2016 after blowing the whistle on dangerous practices and uninvestigated cases of harm within the trust’s urology services, won a constructive dismissal claim against his ex-employer in 2018.

Duffy now alleges that emails concerning the care of a patient at the centre of his whistleblowing were forged and backdated by senior UHMBT staff, some number of years after his employment claim against the trust had ended.

The emails were not disclosed during the tribunal – despite a court order having been issued to release all communications concerning the care of the patient in question, the late Peter Read, who died in early 2015 – and are understood to have surfaced during the course of an external review into UHMBT’s urology services carried out between late 2019 and 2021.

Niche Consult, a private firm commissioned by NHS England/Improvement (NHSE/I) to investigate Duffy’s patient safety disclosures alongside broader concerns regarding the trust’s urology department, determined that the emails in question were not fakes.

Duffy told the AfPP and RCSI audiences that, during the Niche review of UHMBT’s urology services in 2020, he was “abruptly told that two entirely new, never-seen-before emails had suddenly, unexpectedly appeared”. The emails appear to partly implicate him in the series of clinical errors and missed care opportunities that contributed to Read’s death.

Duffy described the allegedly falsified emails as being part of “an executive vendetta” waged against him in retaliation for his whistleblowing activity and negative publicity surrounding it, as UHMBT was seeking to cultivate the image of a “turnaround” trust in the years following a major maternity scandal between 2004 and 2013.

“With electronic patient records and IT-based communications, there is increasing potential for electronic tampering”

Peter Duffy, NHS whistleblower

He said he is currently facing investigation by the General Medical Council over the contents and implications of the disputed emails.

Duffy described to attendees at the AfPP and RCSI events how, within days of the emails being put to him by Niche Consult as part of the firm’s investigation, they had arrived “in the hands of the General Medical Council, who clearly intended to investigate me over them”.

“It wasn’t clear how they had acquired them,” he said. “But I was assured by the NHS investigators that the emails hadn’t been supplied to or passed through the hands of any third parties and that it was the investigation itself that had found these emails, almost by accident.”

Duffy also pointed to what he considers to be a pattern of evidence manipulation and non-disclosure across NHS patient safety disputes with staff and impacted families.

One comparative case he cited was that of Dr Chris Day – during whose whistleblowing litigation this summer a tribunal heard that as many as 90,000 emails may have been destroyed by a London NHS communications chief during the same week he was due to give evidence at the hearing. A judgment in Day’s tribunal case is currently being awaited.

In light of the alleged IT manipulation, Duffy also questioned whether an external monitoring body should have some oversight of NHS electronic records and communications management. He also argued that investigatory outfits overseeing reviews into suspected NHS care failings should be financially independent from government and the health service.

“With electronic patient records and IT-based communications, there is increasing potential for electronic tampering,” he said.

“We should consider whether public bodies can be entrusted with both exclusive ownership of and unfettered access to safety-critical digital information, and the ability to covertly and retrospectively erase, modify or add to that data.”

UHMBT CEO Aaron Cummins told Computer Weekly that Duffy’s allegations were, in themselves, not proof that the emails had been falsified, citing the conclusions of Niche Consult’s review of the claims.

“With regards to the claims that these emails were falsified, the two separate independent, external reviews of those allegations conducted by Niche Health and Social Care Consulting as part of their investigation, found no evidence the emails in question were tampered with and no evidence they were not sent from Mr Duffy’s NHS hospital email account,” said Cummins.

NHSE/I, NHS Digital and Niche Consult have been contacted for comment.


Read more on Healthcare and NHS IT

Data Center
Data Management