Privacy Advisor

UK—Receptionist Prosecuted for Unlawfully Accessing PHI

April 1, 2013

By Brian Davidson, CIPP/E

The ICO has prosecuted a former receptionist at a GP surgery for unlawfully obtaining sensitive medical information relating to her ex-husband’s new partner.

The individual was prosecuted under section 55 of the Data Protection Act (DPA), fined £750 and ordered to pay a £15 victim surcharge and £400 prosecution costs.

Unlawfully obtaining or accessing personal data is a criminal offence under section 55 of the DPA, punishable by way of a fine of up to £5,000 in a Magistrates Court or an unlimited fine in a Crown Court. The individual was found to have accessed the information on 15 separate occasions over a 16-month period while working as a receptionist. The breach became apparent after the individual left her job and sent an SMS-message to her ex-husband’s new partner, referring to highly sensitive medical information taken from her medical record.

Brian Davidson, CIPP/E, is a privacy and information advisor at Field Fisher Waterhouse, LLP.