ICO warns NHS staff over accessing personal data as care assistant fined

A former health care assistant has been ordered to pay £1,715 in fines and costs after she pleaded guilty to offences of unlawfully obtaining and unlawfully disclosing personal data.

Colchester Magistrates’ Court was told Brioney Woolfe, an ex-midwifery assistant, accessed the medical records of several people without a business purpose to do so while employed by Colchester Hospital University NHS Foundation Trust.

An Information Commissioner’s Office investigation, which followed a complaint by a patient, established that Woolfe had accessed the records of 29 people including family members, colleagues and others where no connection with the defendant was known, between December 2014 and May 2016.

Some of the information was subsequently shared with others. “That was not only a breach of patient confidentiality but also against the Data Protection Act,” the ICO said.

Woolfe, 29, of Stour Close, Dovercourt, Essex, was fined £400 for the offence of obtaining personal data, and a further £650 for the offence of disclosing personal data. She was also ordered to pay a contribution of £600 towards prosecution costs, plus a victim surcharge of £65.

The ICO said the case was one of five prosecutions it had brought involving staff illegally accessing health records since October 2016.

The watchdog’s Head of Enforcement, Steve Eckersley, said: “Once again we see an NHS employee getting themselves in serious trouble by letting their personal curiosity get the better of them.

“Patients are entitled to have their privacy protected and those who work with sensitive personal data need to know that they can’t just access it or share it with others when they feel like it. The law is clear and the consequences of breaking it can be severe.”