A former Health Advisor pleaded guilty to, and was prosecuted for unlawfully obtaining personal data, and was ordered to compensate his victims.
A former Health Advisor has been prosecuted for obtaining the personal data of service users, particularly patients of South Warwickshire NHS Foundation Trust. He was found guilty of accessing the medical records of patients without a valid legal reason.While working at the South Warwickshire NHS Foundation Trust, he unlawfully accessed the records of 14 patients, all of whom he knew personally. These records were accessed between June and December 2019, without a valid business reason and without the knowledge of his employer, the NHS Foundation Trust.
The former Health Advisor pleaded guilty and was ordered to compensate each victim, for a breach that they say left them feeling anxious.
On August 3rd, 2022 former Health Advisor, Christopher O’Brien appeared before Coventry Magistrates’ Court and pleaded guilty to 6 counts of unlawfully obtaining personal data, violating s170 of the Data Protection Act 2018. He was ordered to pay £250 compensation to each data subject, totalling £3,000. According to one of the victims, the breach left them worried and anxious about Mr O’Brien having access to their health records. Another victim mentioned that the breach put them off from going to their doctor.
The ICO Director of Investigations believes that this should be taken as a lesson and a reminder to employees with access to personal data.
Stephen Eckersley, ICO Director of Investigations, said in a statement “Such behaviour can be extremely distressing for the victims. Not only is it an invasion of their privacy, it potentially jeopardises the important relationship of trust and confidence between patients and the NHS.” He advises organisations to remind their staff about their data protection and information governance responsibilities. This includes how they should handle people’s sensitive data, and that they should do so responsibly. He believes this case should serve as a reminder to people that just because your position may allow you access to other people’s personal information, particularly special category data as is the case with health records, this doesn’t give you the legal right to look at it.
