Confidential and sensitive medical records have been left in an unlocked boiler room at a local hospital, a Sutton Guardian investigation can reveal.

Medical records at Sutton Hospital are easily accessible to members of the public as many are being kept in an unsecure boiler room located outside the main buildings.

The leaky boiler room is housing thousands of patient records, including names, addresses and full medical histories of individuals treated at the 19th century hospital.

The hospital has a modern day-surgery unit and provides a number of outpatient services. There are also mental health services provided on-site by South West London and St George’s Mental Health NHS Trust.

The boiler room, which is situated to the rear of the hospital, houses old filing cabinets and appeared to be the base for workmen carrying out maintenance work.

Although there was a combination lock on the outside door, it wasn’t being used. Complaints made to this newspaper said the door being left open was common.

Inside the boxes, private files were strewn across one another, with no regard for the patients’ treatment records.

Patients’ eye treatment records were piled up and shoved into a corner - all of which contained recent telephone numbers, addresses and medication.

A spokesman for Epsom and St Helier University Hospitals NHS Trust said:“These notes were discovered in an area that would not normally be accessible to members of the public.

“The trust takes the confidentiality of patient information very seriously and has instigated an immediate investigation to find out why these notes were left in an unsecure area. The notes have since been stored in a secure area at Sutton Hospital.”


Surrounded by brain scans and medical records, the disregard for patient confidentiality was quite clear.

Box upon box of private records are kept a foot from the open door, and any member of the public could walk in and potentially steal an identity or see details of an individual’s ailments.

The boiler house looked unwelcoming, but it proved to be far from it. The wooden door had a lock with numbers on which to punch in the code, but it was not needed.

With a simple turn of the handle I was confronted by a huge pile of documents and boxes of highly sensitive medical records, and not a person in sight.

In two hours there, only one member of staff entered the building, and she did not seem too concerned by a stranger’s presence.