Information Commissioner warns NHS staff about snooping after another prosecution

The Information Commissioner’s Office has fired a warning to NHS employees about the risks of snooping into patient records without a valid legal reason, after its latest prosecution of a staff member.

Nicola Wren was employed as an administrator by Kent and Medway NHS and Social Care Partnership Trust when she breached data protection laws.

Medway Magistrates’ Court was told she had accessed the health records of a single patient 279 times over a three-week period in October and November 2015, viewing the files up to 50 times in a day.

Although the patient was known to the defendant, she had no valid lawful reason to access the records and did so without her employer’s consent, the ICO said.

Wren, 42, of Rainham, Kent, pleaded guilty to unlawfully accessing personal data in breach of s.55 of the Data Protection Act 1998 and was fined £300.

She was also ordered to pay prosecution costs of £364.08 and a victim surcharge of £30.

Mike Shaw, Criminal Enforcement Group Manager at the ICO, said: “Employees, who in many cases are very experienced and capable, are getting into serious trouble and often losing their jobs, usually over little more than personal curiosity.

“The laws on data protection are there for a reason and people have the right to know their highly sensitive personal information will be treated with appropriate privacy and respect. The ICO will continue to take action against those who abuse their position and potentially jeopardise the important relationship of trust between patients and the NHS.”

In August this year a former health care assistant at Colchester Hospital University NHS Foundation Trust was ordered to pay £1,715 in fines and costs after she pleaded guilty to offences of unlawfully obtaining and unlawfully disclosing personal data.

It subsequently emerged that a complainant had launched a claim against the trust over the unlawful access.