The Information Commissioner’s Office has issued another warning to NHS employees after an NHS administrator was fined for repeatedly accessing a patient’s medical records without a valid legal reason.
Nicola Wren was employed by Kent and Medway NHS and Social Care Partnership Trust when she accessed health records of a patient 279 times over a three-week period in October and November 2015, viewing the files up to 50 times in a day. The patient was known to Wren but she had no lawful basis to access the records. She was fined £300 and also ordered to pay prosecution costs of £364.08 and a victim surcharge of £30.
This is not the first case to have hit the press in recent weeks. Last month a midwife from Leicester, who was employed by University Hospitals Coventry and Warwickshire NHS Trust and had been dismissed for viewing the medical records of friends, ex-boyfriends and colleagues “without clinical justification” over a 16-year period, was also struck off by the Nursing & Midwifery Council.
The latest decisions from both the ICO and NMC serve as a salutary reminder of the serious consequences of personal curiosity: the ICO takes any breaches of sensitive data extremely seriously.
According to the ICO, data breaches in the health sector are on the rise, with an 11 per cent increase in reported health incidents in Q1.
The three main breach types are:
- Loss or theft of paperwork;
- Data sent to wrong person by email; and
- Data posted or faxed to incorrect person.
You can view the health sector incidents by type here.
Our team has experience of dealing with various breaches involving sensitive data – do get in touch if you require refresher training to avoid any breaches occurring in the future, particularly in light of the forthcoming Data Protection Bill.