UK—Receptionist Prosecuted for Unlawfully Accessing PHI
By Brian Davidson, CIPP/E
The ICO has prosecuted a former receptionist at a GP surgery for unlawfully obtaining sensitive medical information relating to her ex-husband’s new partner.
The individual was prosecuted under section 55 of the Data Protection Act (DPA), fined £750 and ordered to pay a £15 victim surcharge and £400 prosecution costs.
Unlawfully obtaining or accessing personal data is a criminal offence under section 55 of the DPA, punishable by way of a fine of up to £5,000 in a Magistrates Court or an unlimited fine in a Crown Court. The individual was found to have accessed the information on 15 separate occasions over a 16-month period while working as a receptionist. The breach became apparent after the individual left her job and sent an SMS-message to her ex-husband’s new partner, referring to highly sensitive medical information taken from her medical record.
Brian Davidson, CIPP/E, is a privacy and information advisor at Field Fisher Waterhouse, LLP.