Ex-medical secretary at NHS trust pleads guilty to unlawfully obtaining personal data

November 17, 2023

A former employee of an NHS trust has been fined for illegally accessing the medical records of more than 150 people.

The Information Commissioner’s Office said Loretta Alborghetti, from Redditch, worked as a medical secretary within the Ophthalmology department at Worcestershire Acute Hospitals NHS Trust when she illegally accessed the records.

In June 2019, a complaint was raised by a patient who was concerned that their medical records had been accessed by an employee.

An investigation revealed that Alborghetti had accessed this individual’s records 33 times between March 2019 and June 2019, without consent or a business need to do so.

It further discovered that she had accessed a total of 156 patient records without consent or a business need, viewing them over 1,800 times within the three-month period. This included the records of family members and individuals with postcodes local to where she lived at the time.

The ICO said that as part of her role as a medical secretary, Alborghetti was required to access clinical and personal information of patients within the ophthalmology department. However, the individuals whose records were accessed had no medical conditions relating to ophthalmology.

Alborghetti appeared before Worcester Magistrates’ Court on 15 November 2023. Following the investigation from the Information Commissioner’s Office, she pleaded guilty to unlawfully obtaining personal data in breach of Section 170 of the Data Protection Act 2018 and was ordered to pay a total of £648.

Andy Curry, ICO Head of Investigations, said: “People should never have to think twice about whether their sensitive data, such as their medical records, is secure and in safe hands.

“We want to remind those in positions of trust that just because your job may grant you access to other people’s personal information, that doesn’t mean you have the legal right to look at it for your own purposes.

“This case shows that the ICO will take action when confidential personal records are accessed unlawfully. Curiosity is no excuse for breaching data protection laws.”-

Ex-medical secretary at NHS trust pleads guilty to unlawfully obtaining personal data

Judge remits FOI case after finding First-Tier Tribunal was wrong to strike out proceedings, amid doubts over reliability of previous evidence from council

Information watchdog publishes guidance on transparency in health and social care

Council loses appeal over FOI request for names of those who submitted consultation responses as part of their public-facing roles

Information watchdog seeks views on accuracy of generative AI models in third call for evidence

Cornerstone on Information Law

A guide to UK data protection law with relevant provisions of the Data Protection Act 2018

A Practical Guide to GDPR for Schools

Cornerstone on Social Housing Fraud

Essential Law for Cemetery and Crematorium Managers

Making Decisions Judicially - A Guide for Decision-Makers

Information Rights

Director of Law and Governance