A former healthcare worker has been found guilty of accessing the medical records of people known to him without a legitimate reason, according to the Information Commissioner’s Office (ICO).
The UK’s data protection watchdog said Christopher O’Brien, 36, was working at the South Warwickshire NHS Foundation Trust when he viewed the records of 14 patients between June and December 2019.
Those individuals were known personally to him, but O’Brien did not have a “valid business reason” for accessing the records, the ICO said.
Appearing at Coventry Magistrates’ Court on August 3, he pleaded guilty to unlawfully obtaining personal data in breach of section 170 of the Data Protection Act 2018. O’Brien was ordered to pay £250 compensation to 12 patients, totalling £3000.
“This case is a reminder to people that just because your job may give you access to other people’s personal information, especially sensitive data such as health records, that doesn’t mean you have the legal right to look at it,” said ICO director of investigations, Steve Eckersley.
“Such behavior can be extremely distressing for the victims. Not only is it an invasion of their privacy, it potentially jeopardizes the important relationship of trust and confidence between patients and the NHS.”
In fact, one of the victims reportedly said the revelations made them “worried and anxious,” while another claimed it put them off going to see their doctor.
“I would urge organizations to remind their staff about their data protection and information governance responsibilities, including how to handle people’s sensitive data responsibly,” said Eckersley.
The case has echoes of widespread breaches of privacy law by police officers an administrative staff, revealed in several reports over the years.
In 2019, for example, a Freedom of Information (FOI) request from think tank Parliament Street revealed that 237 officers and staff members had been disciplined, six resigned during investigations and 11 were sacked for computer misuse offenses over the previous two years. The data came from just 23 police forces.
A separate study in 2017 found that UK police investigated nearly 800 cases of data misuse by staff over the previous 12 months.