A former trainee medical secretary working in a GP practice has been fined after admitting to reading patients’ confidential medical records for reasons unrelated to her job role.
Despite having been trained in how to handle patient data ethically, the practice discovered Ms Pepper had been reading the patient file of one of her work colleagues without their consent. The practice investigated and discovered that Ms Pepper had illegally accessed the records of 231 patients.
The investigation revealed that some of the records belonged to work colleagues, family and friends, although many were also of the general public.
Ms Pepper admitted to four charges of unlawfully accessing data in breach of section 55 of the Data Protection Act 1998 at Kings Lynn Magistrates’ Court.
In an interview with the Information Commissioner’s Office (ICO) she accepted responsibility and could not justify her actions. She commented that she struggled with the monotony of some of her tasks.
She was fined over £1,000 in total, including costs and a victim surcharge.
ICO criminal investigation group manager Mike Shaw said: ‘People whose job allows them access to confidential and often sensitive information have been placed in a position of trust, and with that trust comes added responsibility.
‘Data protection law exists for a reason and curiosity or boredom is no excuse for failing to respect people’s legal right to privacy. Just because you can do something, that doesn’t mean you should.’
This is not the first time the ICO have brought forward a case like this.
Last year, former midwifery assistant Brioney Woolfe, who worked at Colchester Hospital University NHS Fountain Trust, was ordered to pay fines of over £1,700 at Colchester Magistrates’ Court after pleading guilty to unlawfully obtaining and unlawfully disclosing personal data.
Ms Woolfe had also accessed records of family members and colleagues over a two-year period.
You can read more about data protection and GDPR here.