If you need HELP, SUPPORT or just have a GDPR question please call +44 (0) 208 133 2545 or email us at firstname.lastname@example.org.
Alternatively please visit our contact page
FREE GDPR Helpline
Call +44 (0) 208 133 2545
A former NHS administrator has been fined for unlawfully accessing patient records. Sally Anne Day, of Aberavenny, Wales, appeared for sentencing at Newport Crown Court having pleaded guilty to two offences under section 55 of the Data Protection Act.
Day repeatedly and unlawfully accessed the medical records of two patients between August 2015 and July 2016, causing them distress.
In that time she accessed the first patient’s confidential records 51 times, and the second patient’s records on a further eight occasions.
Day subsequently resigned from her job as an administrator for Powys Trust Health Board (PTHB) based at a GP surgery.
The case – which was brought by the Information Commissioner’s Office – was originally listed at Cwmbran Magistrates Court but was transferred to the crown court, due to the serious breach of trust involved and the number of times the data subjects’ confidential records were illegally accessed.
Day was fined £200 for each offence and was also ordered to pay £350 costs and a £40 victim surcharge.
ICO Enforcement Group Manager Michael Shaw said:
“Once again we see people getting into serious trouble by ignoring patient confidentiality and their data protection responsibilities.
“Those who work with sensitive personal information need to be aware that if they access that information without good reason, they could well find themselves in court and end up with a criminal conviction.”