There has been another prosecution over the access of patient records without authorisation in the NHS.
The UK’s Information Commissioner’s Office (ICO) has fined and prosecuted Michelle Harrison, formerly employed by Milton Keynes Hospital Trust, for accessing patient records without authorisation. Harrison reportedly pleaded guilty to improperly accessing the records of 12 people without any need or authorisation to do so.
This prosecution is the latest in a long line the ICO has had to enforce against NHS staff accessing medical records when they shouldn’t be.
Harrison has been fined hundreds of pounds as a result of the breaches that were committed between March 2016 and January 2017, while she was employed as a receptionist by Milton Keynes University Hospital NHS Foundation Trust. The records she accessed included those of an ex-partner and a woman who has alleged that Harrison used the medical data she accessed to harass her.
Harrison pleaded guilty to the charges.
An ongoing problem
Access to NHS medical records can be key for NHS staff to be able to make better decisions and act quickly when needed where they have fast access to vital patient data. On the flip side, this ease of access when it comes to medical data has led to a spate of improper access incidents like this one here.
Harrison really is the latest in a very long line of NHS staff who have lost their jobs and been prosecuted by the ICO for improperly accessing medical records; usually for people they know or live near. It’s a problem the NHS needs to stamp out, which could be done with far better training, auditing of access, and restrictions for some staff (like administration staff) being able to access records willingly.
All NHS patients have a right to privacy, and sensitive and confidential medical information should only be accessed and available for when it’s actually needed. Improper access like this not only compromises the patient’s right to privacy, but it also undermines the NHS itself, and once data has been revealed or compromised there’s little that can be done to reverse the damage in many instances.
Although some may argue that these employees who are improperly accessing medical records are going above and beyond their station in doing so, better training and auditing can stamp this out. If staff know their access to records will be clearly tracked and that improper access to medical records will lead to prosecution, we would expect these scenarios to drastically fall. In addition, more technology to restrict improper access can be utilised as well.
Unless we see these kinds of much-needed changes, the NHS are left exposed to medical data breach compensation claims when staff improperly access medical records without authorisation.