The Information Commissioner’s Office (ICO) has reminded NHS staff about the potentially serious consequences of prying into patients’ medical records without a valid reason.
The warning came after Brioney Woolfe, a former midwifery assistant at Colchester Hospital University NHS Foundation Trust, who described herself as ‘nosy’,was ordered to pay a total of £1,715 in fines and costs after pleading guilty to offences of unlawfully obtaining and unlawfully disclosing personal data.
An investigation, which followed a complaint by a patient, established that Woolfe had accessed the records of 29 people including family members, colleagues and others where no connection with the defendant is known, between December 2014 and May 2016.
Some of the information was subsequently shared with others. That was not only a breach of patient confidentiality but also against the Data Protection Act.
Woolfe, was fined £400 for the offence of obtaining personal data, and a further £650 for the offence of disclosing personal data. She was also ordered to pay a contribution of £600 towards prosecution costs, plus a victim surcharge of £65.
Colchester Magistrates’ Court was told Woolfe, inappropriately accessed the medical records of 29 people while employed as a midwifery assistant, using the trust’s Medway electronic patient record system.
According to a report by local newspaper, the Essex Gazette, Woolfe was reported to the head of midwifery at Colchester General Hospital when someone discovered their medical records had been shared with her ex-partner.
Charlotte Brewer, prosecuting, told Colchester magistrates, Woolfe, 28, had accessed personal information without consent of 23 women and six men. Only two of the 29 were pregnant.
Brewer told magistrates Woolfe would look up friends’ records. “If her children had been invited to a birthday party, she’d look up their parents’ details.
The case is one of several ICO prosecutions involving staff illegally accessing health records in recent months and Head of Enforcement Steve Eckersley said:
“Once again we see an NHS employee getting themselves in serious trouble by letting their personal curiosity get the better of them.
“Patients are entitled to have their privacy protected and those who work with sensitive personal data need to know that they can’t just access it or share it with others when they feel like it. The law is clear and the consequences of breaking it can be severe.”