Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.
Despite Information Commissioner’s Office (ICO) warnings, NHS employees are continuing to breach data protection laws. We again see employees being found guilty of illegally accessing medical records belonging to people they know – i.e. family, friends, neighbours and colleagues – we assume this data snooping is merely to satisfy their curiosity.
In this latest batch, three perpetrators were fined by the ICO for their clear and obvious breaches, and we are yet again left wondering what can be done to stop these continual events happening.
A former administrator for Kent and Medway NHS and Social Care Partnership Trust reportedly accessed sensitive medical records belonging to an acquaintance in excess of 279 times during a three-week period.
She didn’t have permission from the patient nor her employer (the data controller) to look through these personal records, and she pleaded guilty to charges at Medway Magistrate’s Court.
A Coding Officer for Dudley Group NHS Trust when she was said to have rifled through her neighbour’s and former friend’s medical records. Her job had nothing to do with accessing these medical records, and she appears to have taken the breach one step further by disclosing sensitive information about a baby.
The Officer also pleaded guilty.
A nursing auxiliary and was reportedly working at the Royal Gwent Hospital in Newport at the time of the breach. She illegally accessed patient records belonging to her neighbour; something she had no right to do.
All three perpetrators had no authority nor legitimate reason to access the records they did. In order to satisfy what we can only assume was their own curiosity (why else would they access the records?), they violated the privacy of the patients and smeared the NHS’ reputation. Their actions cost them hundreds of pounds each, as well as costing them their jobs, reputation and probably some social relationships.
The successful prosecutions may give the ICO mixed feelings. On the one hand, perpetrators like these who violate data protection responsibilities must be caught and punished. On the other, it’s incredibly frustrating for the U.K. data watchdog to continuously warn and fine people for these entirely preventable breaches.
The ICO issued yet another warning to NHS workers about the consequences of snooping on patient records. Mike Shaw, Criminal Enforcement Group Manager for the ICO, said:
“Employees, who in many cases are very experienced and capable, are getting into serious trouble and often losing their jobs, usually over little more than personal curiosity. The laws on data protection are there for a reason and people have the right to know their highly sensitive personal information will be treated with appropriate privacy and respect.”
Shaw emphasised the importance of trust between patients and our National Health Service. If we can’t trust medical professionals with our information, we might withhold important information that could significantly impact our health.
It sounds like the NHS need to update their data protection training and protocols to mitigate the chances of these simple breaches happening again, including changing the way records are accessed and educating employees about the law and the consequences of breaching data rules.
EasyJet admits data of nine million hacked
British Airways data breach: How to claim up to £6,000 compensation
Are you owed £5,000 for the Virgin Media data breach?
Virgin Media faces £4.5 BILLION in compensation payouts
BA customers given final deadline to claim compensation for data breach
Shoppers slam Morrisons after loyalty points stolen
Half a million customers can sue BA over huge data breach
Lawyers accuse BA of 'swerving responsibility' for data breach
The biggest data breaches of 2020