Reading:
Another NHS worker fined by the ICO for accessing and disclosing information from medical records
Share:
Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.
On the 11th August 2017 yet another NHS (now former) worker was fined by the Information Commissioner’s Office (ICO) for accessing sensitive health records belonging to family, friends and colleagues without authorisation.
She even disclosed information she found.
Brioney Woolfe worked at Colchester Hospital University NHS Foundation Trust as a Midwifery Assistant. The self-confessed ‘nosy’ midwifery assistant reportedly accessed 29 patient medical records, including the parents of her children’s school friends.
She reportedly accessed files without authorisation, and her actions were discovered when a patient realised Woolfe’s ex-partner knew about their records.
An investigation was opened and Woolfe was found to have accessed medical records belonging to 29 people without permission between December 2014 and May 2016. Of the 29 patients, 23 were women and only two of these were pregnant.
When answering her crimes, the 28-year-old confessed that whenever her children were invited to a party, she would look up the parents’ details. She maintained her curiosity was never intended to be malicious, but data protection rules mean that, regardless of intention, she still obtained and disclosed personal data without authorisation and therefore breached the Data Protection Act.
A spokesman for the hospital said that maternity staff have received updated information training as a result of Wolfe’s actions; leaving some speculation as to whether data protection protocols were perhaps less than sufficient in the first place. He also said:
“It is essential that all NHS organisations use and store patient information appropriately and securely, and we take any breach extremely seriously.”
Unfortunately, this kind of thing just keeps on happening.
This recent case comes not long after ICO warnings to workers about not accessing patient records unless they have permission and/or proper reason to do so. The warning also reminds us that even if it is not done maliciously, data protection can still be breached and real consequences can follow. In this case, Woolfe was fined £400 for accessing the sensitive information; £650 for disclosing some of it; £600 for costs; and a £65 victim surcharge.
Although Woolfe reportedly had an ‘unblemished’ record at work, she understandably lost her job of 12 years as a direct result of her actions.
Head of Enforcement at the ICO, Steve Eckersley, once again warns about letting personal curiosity get the better of you. Whilst a curious snoop may seem harmless:
“…patients are entitled to have their privacy protected and those who work with sensitive personal data need to know that they can’t just access it or share it with others when they feel like it. The law is clear and the consequences of breaking it can be severe.”
Data protection rules apply to companies, organisations and individuals. Whilst companies and organisations have a responsibility to ensure that information stored and processed is done so in a safe and secure way, individuals cannot flout their own ability to access and abuse information for personal gain or curiosity.
EasyJet admits data of nine million hacked
British Airways data breach: How to claim up to £6,000 compensation
Are you owed £5,000 for the Virgin Media data breach?
Virgin Media faces £4.5 BILLION in compensation payouts
BA customers given final deadline to claim compensation for data breach
Shoppers slam Morrisons after loyalty points stolen
Half a million customers can sue BA over huge data breach
Lawyers accuse BA of 'swerving responsibility' for data breach
The biggest data breaches of 2020
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
