GP surgery administrator fined for illegally accessing patient records

A former NHS administrator has been ordered to pay nearly £800 in fines and costs after pleading guilty to unlawfully accessing patient records.

Sally Anne Day, of Aberavenny, Wales, was sentenced at Newport Crown Court, having pleaded guilty to two offences under section 55 of the Data Protection Act.

Day repeatedly and unlawfully accessed the medical records of two patients between August 2015 and July 2016, causing them distress, the Information Commissioner’s Office said.

In that time she accessed the first patient’s confidential records 51 times, and the second patient’s records on a further eight occasions.

Day subsequently resigned from her job as an administrator for Powys Trust Health Board (PTHB) based at a GP surgery.

The case – which was brought by the ICO - was originally listed at Cwmbran Magistrates Court but was transferred to the crown court, due to the serious breach of trust involved and the number of times the data subjects’ confidential records were illegally accessed.

Day was fined £200 for each offence and was also ordered to pay £350 costs and a £40 victim surcharge.

ICO Enforcement Group Manager Michael Shaw said: “Once again we see people getting into serious trouble by ignoring patient confidentiality and their data protection responsibilities.

“Those who work with sensitive personal information need to be aware that if they access that information without good reason, they could well find themselves in court and end up with a criminal conviction.”