DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

UK: Medical receptionist prosecuted after unlawfully accessing patient’s details

Posted on March 12, 2013 by Dissent

A former receptionist at a GP surgery in Southampton has been prosecuted by the Information Commissioner’s Office (ICO) for unlawfully obtaining sensitive medical information relating to her ex-husband’s new wife.

Appearing at West Hampshire Magistrates today, Marcia Phillips was prosecuted under section 55 of the Data Protection Act and fined £750 and ordered to pay a £15 victim surcharge and £400 prosecution costs.

Ms Phillips was found to have accessed the information on 15 separate occasions over a 16-month period while working as a receptionist at the Bath Lodge Practice. The breach became apparent after Phillips left her job and sent a text message to her ex-husband’s partner referring to highly sensitive medical information taken from her medical record.

Deputy Commissioner and Director of Data Protection, David Smith, said:

“This case clearly shows the distress that can be caused when an individual uses a position of responsibility to illegally access sensitive personal information. Ms Phillips knew she was breaking the law, but continued to do so in order to cause harm to her ex-husband’s new wife.

“The nature of her job meant that she will have been in no doubt as to the importance of patient confidentiality. Despite this she repeatedly accessed the victim’s file without a valid reason.”

Unlawfully obtaining or accessing personal data is a criminal offence under section 55 of the Data Protection Act 1998. The offence is punishable by way of a fine of up to £5,000 in a Magistrates Court or an unlimited fine in a Crown Court. The ICO continues to call for more effective deterrent sentences, including the threat of prison, to be available to the courts to stop the unlawful use of personal information.

David Smith added:

“We continue to urge the Government to press ahead with the introduction of tougher penalties to enforce the Data Protection Act. Without these unscrupulous individuals will continue to break the law. Action to replace the section 55 ‘fine only’ regime with an effective deterrent is long overdue. This change is not directed at the media and should not be held while Lord Justice Leveson’s recommendations on data protection and the media are considered.”

Source: Information Commissioner’s Office


Related:

  • Gladney Adoption Center had serious data exposures in the past few months. What will they do to prevent more?
  • Former U.S. Soldier Pleads Guilty to Hacking and Extortion Scheme Involving Telecommunications Companies
  • DOGE Denizen Marko Elez Leaked API Key for xAI
  • Four people bailed after arrests over cyber attacks on M&S, Co-op and Harrods
  • Texas Enacts Electronic Health Record Data Localization Law
Category: Health Data

Post navigation

← Some days I’m glad I’m not on the A-list
PA: Two Crozer Keystone Health System employees involved in tax refund fraud case →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • North Country Healthcare responds to Stormous’s claims of a breach
  • Gladney Adoption Center had serious data exposures in the past few months. What will they do to prevent more?
  • Former U.S. Soldier Pleads Guilty to Hacking and Extortion Scheme Involving Telecommunications Companies
  • DOGE Denizen Marko Elez Leaked API Key for xAI
  • Four people bailed after arrests over cyber attacks on M&S, Co-op and Harrods
  • RansomedVC is back — and is still attacking its competitors
  • Texas Enacts Electronic Health Record Data Localization Law
  • United Australia Party confirms ransomware attack, personal data and email correspondence exposed
  • Armenian National Extradited to the United States Faces Federal Charges for Ransomware Extortion Conspiracy
  • 70% of healthcare cyberattacks result in delayed patient care, report finds

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Texas Enacts Electronic Health Record Data Localization Law
  • Upstate NY county clerk again refuses to enforce Texas abortion judgment
  • Attorney General James Leads Coalition Urging Congress to Protect Americans from Masked ICE Agents
  • Attorney General Tong Announces $85,000 Settlement with TicketNetwork for Violations of the Connecticut Data Privacy Act​
  • Fourth Circuit upholds West Virginia ban on abortion pills
  • Meta fixes bug that could leak users’ AI prompts and generated content
  • The EU’s Plan To Ban Private Messaging Could Have a Global Impact (Plus: What To Do About It)

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.