The Information Commissioner’s Office (ICO) has issued a reminder to all NHS employees that accessing confidential patient medical records without a valid business reason for doing so is an offence and can incur serious consequences.
The reminder comes after a former healthcare assistant from Colchester Hospital University NHS Foundation Trust was ordered to pay over £1,700 in fines after “unlawfully obtaining and unlawfully disclosing personal data”.
A patient complaint triggered an investigation that revealed the former employee had accessed 29 patients’ records without good reason between December 2014 and May 2016. It was established that some information had also been shared. This isn’t the first time that a healthcare employee has been prosecuted for such an offence.
Steve Eckersley, Head of Enforcement at the ICO, said:
“Once again we see an NHS employee getting themselves in serious trouble by letting their personal curiosity get the better of them.
“Patients are entitled to have their privacy protected and those who work with sensitive personal data need to know that they can’t just access it or share it with others when they feel like it. The law is clear and the consequences of breaking it can be severe.”
Educate your staff
Information security is critical within the business environment. Enrol your staff on our Information Security Staff Awareness e-learning course to give them a better understanding of what is expected of them.
The course advises staff on how to avoid becoming a security liability, introducing them to your internal policies on incident reporting and responses, and providing basic knowledge of information security best practices to reduce preventable mistakes.