ICO cautions NHS staff against illegally accessing patient medical records
ico warn nhs staff over accessing medical records

ICO cautions NHS staff against illegally accessing patient medical records

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

The Information Commissioners Office (ICO) has specifically reminded NHS staff not to access patient medical records without proper reason and / or proper authority. Illegally accessing, obtaining and/or disclosing patient medical records without permission is not only a violation of patient data protection rights, but also exposes the wrongdoer and the NHS to legal action and costly fines.

This latest ICO warning was prompted by a recent case where a former health care assistant accessed medical records belonging to several patients without a valid reason. Over a period of a year and a half, Brioney Woolfe reportedly accessed patient files belonging to 29 individuals, including her family members, colleagues and other patients.

Information also disclosed

Her wrongdoing was further exacerbated by the fact she reportedly disclosed some of the sensitive information. Woolfe’s illegal behaviour was discovered when a patient filed a complaint against her.

Colchester Magistrates’ Court found Woolfe liable for breaching Data Protection laws during her employment at Colchester Hospital University NHS Foundation Trust. She was fined £400 for illegally obtaining personal information as well as £650 for disclosing some of that sensitive information as well. On top of the £1,050 fine, Woolfe was also ordered to pay costs of £665.

Warnings and reminders…

The ICO’s warning serves as an important reminder to NHS staff of the seriousness of breaching data protection rules. Woolfe probably thought nothing of ‘having a look‘ at some patient records, but it ended up costing her £1,715, and her job. Prospective employers will likely be put off by her actions, perhaps deeming her as someone that can’t be trusted.

The NHS data breach trends

This scenario is one of many that have occurred over the last few years…

The NHS are constantly making headlines for all sorts of data breaches, with most of them being administrative errors or employees who failed to take data protection seriously. Steve Eckersley, Head of Enforcement at the ICO, is understandably frustrated by repetitive breaches:

“Once again we see an NHS employee getting themselves in serious trouble by letting their personal curiosity get the better of them… Patients are entitled to have their privacy protected and those who work with sensitive personal data need to know they can’t just access it or share it with others when they feel like it. The law is clear and the consequences of breaking it can be severe.”

People who have or can access medical records need to recognise the sensitive nature of the information and respect a patient’s right to privacy. Whilst it may apparently be interesting, for some, to see who has what ailments, this information is privileged.

For the victims, knowing someone has accessed your sensitive information can be deeply distressing. Victims often feel anxious and distressed, fearing that someone out there knows something private about them and can share it to the world whenever they please. Their mistrust to others can have great impact on their lives; never knowing who they can trust, and constantly worrying if it might happen again.

Since October 2016, the ICO has seen eight individuals prosecuted and sanctioned for illegally accessing medical records. Seven were employed by the NHS at the time of the breach, all of whom are no longer employed at the hospital/ healthcare centre they committed the breach at.

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.Information on how we handle your data is available in our Privacy Policy.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

Contact is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon