Home | News | Unlawful CAD access

Unlawful CAD access

Data protection day 2022

In recent weeks there has been a significant increase in the number of staff accessing patient information inappropriately, specifically CAD records. This breaches all the following:

  • Patient confidentiality
  • The terms of your employment
  • The Trusts Data Protection Policy
  • The Trusts Information Security Policy
  • The Data Protection Act 2018
  • The Computer Misuse Act 1990

 

Consequently, you risk losing your job and being prosecuted by law, which can entail both large fines and a criminal record. Depending on your role, it may also be reported to the Health and Care Professions Council (HCPC) for investigation.

These incidents will not be tolerated by the Trust and must stop immediately. If you have no reason to access any business-related information, and most specifically patient information, then please do not abuse your privileged access simply for the sake of being ‘nosy’, or for other non-essential reasons. The Trust takes these data breaches very seriously. If you did not know what has been mentioned above, we recommend you review your Information Governance Mandatory Training and refresh your understanding of the aforementioned policies that all Trust staff are bound by.

Below are two examples taken from the Information Commissioners Office (ICO) website, whereby NHS employees have unlawfully accessed patient records. The individuals in question were both found guilty in a magistrate’s Court and made to pay fines to the victims as well as court fees. These are just two recent examples (August 2022 and February 2023) of NHS staff being held accountable for their irresponsible and unprofessional actions.

 

  • Martin Swan was a 111 call handler who inappropriately accessed a child’s record and his family’s records. He pleaded guilty to five counts of unlawfully obtaining personal data in breach of Section 55 of the Data Protection Act when he appeared at Uxbridge Magistrates’ Court on 15 February 2023. He was fined £630 with a victim surcharge and court costs totalling £1,093.
  • Christopher O’Brien inappropriately accessed the records of 14 patients, who were known personally to him. He pleaded guilty to unlawfully obtaining personal data in breach of section 170 of the Data Protection Act 2018 when he appeared at Coventry Magistrates’ Court on 3 August 2022. He was ordered to pay compensation totalling £3,000.

 

Please do not let this be you. If have any further questions, or indeed concerns, please contact the Information Governance Team via email our informationgovernance@eastamb.nhs.uk.

 

 Published 15th March 2023