NHS, patient data
“Once again we see an NHS employee getting themselves in serious trouble by letting their personal curiosity get the better of them,” said Steve Eckersley, ICO Head of Enforcement, in a statement

Colchester Hospital University NHS Foundation Trust former healthcare assistant has now  been fined £1,715 in total

[Colchester, UK] A former employee of Colchester Hospital University NHS Foundation Trust has been fined for illegally accessing and disclosing patient records of 29 people during December 2014 and May 2016 while working as a healthcare assistant.

According to the Information Commissioner’s Office, Brioney Woolfe pleaded guilty to two offences under section 55 of the Data Protection Act and was prosecuted at the Colchester Magistrates’ Court. She was ordered to pay £1,715; £400 for accessing personal data of patients, £650 for revealing it, £600 in prosecution costs and a victim surcharge of £65.

The ICO has warned NHS staff can face ‘potentially serious consequences’ in case they access patient information without need or approval.

In a statement on the ICO website, Steve Eckersley, Head of Enforcement, said: “Once again we see an NHS employee getting themselves in serious trouble by letting their personal curiosity get the better of them.

“Patients are entitled to have their privacy protected and those who work with sensitive personal data need to know that they can’t just access it or share it with others when they feel like it. The law is clear and the consequences of breaking it can be severe.”

A spokesman for Colchester Hospital University NHS FT told BJ-HC:  "It is essential that all NHS organisations use and store patient information appropriately and securely, and we take any breach extremely seriously.

"The Trust received a complaint from a man who suspected that a healthcare assistant had been accessing his records inappropriately.

"We immediately investigated and suspended the member of staff and also notified Essex Police and the Information Commissioner's Office. 

"Our investigation upheld the complaint and we apologised to the complainant. We instigated disciplinary proceedings and dismissed the member of staff in October last year.

"All staff - including non-clinical staff - undergo information governance training in which they are reminded about the confidentiality of patients' records and, as a direct consequence of this case, update training was provided to maternity staff."

Related News

RCGP releases new guidance on online consultation services

RCGP issues new guidance on online consultation services to ensure patients are receiving high-quality, safe care

'Urgent need' to improve public awareness of NHS patient data use

New report from educational charity Corsham Institute calls on the NHS to improve the public’s understanding of patient data security, storage and use

HSE launches new online service for medical card applications

The HSE in Ireland received 440,000 applications for a medical card in 2017