Nurse prosecuted for patient data breaches

Posted: 20th March 2017

data securityPublic authorities hold vast amounts of personal data and safeguards are in place to ensure that such information is kept safe. In one case, the Office of the Information Commissioner (ICO) mounted a successful prosecution against a former nurse who accessed the sensitive medical records of over 3,000 patients.

The woman, aged 63, from Carmarthenshire had also obtained unauthorised access to records across an NHS region and was dismissed when the truth emerged. It was one of the most serious incidents of its kind ever to affect the NHS in that region and, following an internal inquiry, patients were contacted and reassured that no records had been changed and that medical care had not been affected.

The former nurse, who had worked at Glangwili hospital, had accessed the electronic records without the permission of the data controller and, after the matter was referred to the ICO, she pleaded guilty to breaches of the Data Protection Act 1998. She was fined £650, and ordered to pay costs of £664 and a victim surcharge of £65.