The Information Commissioners Office (ICO) has given a former NHS administrator a fine for illegally accessing sensitive medical records of people she knows.
Whilst working at the Tees Esk and Wear Valleys NHS Foundation Trust, the former admin worker took advantage of her position and searched for medial information on her friends and family without their consent. The former admin worker pleaded guilty to breaching s55 of the Data Protection Act. The ICO consequently issued her a £45 fine and have also ordered her to pay costs of £405.98 and a victim surcharge of £20.
Data protection – a very serious matter in the UK
We are protected by the Data Protection Act and its governing principles here in the UK. The Act sets out that our information must be protected as a fundamental right. Only authorised people can access it, and even when doing so, they need to make sure it is used in a safe and lawful way – and always kept securely.
The former NHS administrator probably had the authority to deal with medical records but she can only do this in a specified and legal reason. Her job doesn’t let her access just anyone’s records on a whim or for personal gain.
Medical privacy is extremely important as it is a more sensitive level of personal information we’re dealing with. We’re all entitled to have our medical information protected, and no one should ever abuse that. In this case, Monnapula was rightfully punished for abusing her position, as well as abusing the trust and confidence of her employer, and NHS Trust users afffected.
However, whenever something like this happens, we need to also look at whether or not there was a poor system in place that was allowing this sort of thing to happen in the first place. Did the Tees Esk and Wear Valleys NHS Foundation Trust have a secure filing system where only authorised people could access specific files? Or were they all just open to all admin staff with no record of who accessed what?
Action for the victims
Even though the former admin worker was given a fine by the ICO, the victims of her actions themselves may have an individual right to seek redress. The people who had their sensitive personal information accessed by the administrator have a right to come forward and claim for compensation to cover for the damage the incident has caused them.
People often forget that data leaks can cause harm; even if you can’t see it like a broken bone or a wound. Many victims of data leaks will find it extremely distressing, especially if the information was sensitive, like in this case. For most, medical records are very private documents, particularly when they have had many ailments or procedures they might see as embarrassing. Victims can claim for financial compensation to help them deal with data breaches.
As lawyers who have helped countless victims make successful claim for data protection breaches, we can help you if you have been affected by a medical data breach. As the victim, you are the one directly affected by a data breach and you should take action to recover financial compensation that you are eligible for.
We can help every step of the way, and we can even do it on a No Win, No Fee basis.
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.
Request a call back from our team
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.