A former employee of the London Clinic in Marylebone has been sanctioned for attempting to sell private medical records belonging to the Princess of Wales. The breach occurred while the princess was an inpatient at the clinic following major abdominal surgery in January 2024.

The individual involved received a formal caution from the Information Commissioner’s Office (ICO) for the deliberate misuse of highly sensitive personal information. Following an internal investigation, the staff member was dismissed from their position and subsequently struck off the medical register.

The incident has raised serious concerns about patient confidentiality and the vulnerability of high-profile individuals to privacy violations. Sources familiar with the situation described the breach as deeply distressing for the princess and her family. The episode underscores challenges faced by members of the Royal Family in maintaining privacy amid public scrutiny.

The London Clinic emphasized its commitment to patient confidentiality and stated that it acted promptly to address the issue once it came to light. Meanwhile, the ICO highlighted the importance of safeguarding sensitive data, particularly with respect to individuals in the public eye.

The caution and disciplinary actions mark the conclusion of an investigation into the incident, which prompted a review of data protection protocols at the clinic. The case has drawn attention to the risks associated with handling confidential medical information and the responsibilities of healthcare providers in protecting patient privacy.