DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

UK: GP surgery manager prosecuted for illegally accessing patients’ medical records

Posted on December 4, 2013 by Dissent

From the Information Commissioner’s Office:

A former manager who oversaw the finances of a GP’s practice in Maidstone has been prosecuted by the Information Commissioner’s Office (ICO) after unlawfully accessing the medical records of approximately 1,940 patients registered with the surgery.

Appearing at Maidstone Magistrates Court today, 37-year-old Steven Tennison pleaded guilty to charges of unlawfully obtaining personal data (section 55 of the Data Protection Act). He was fined a total of £996 and ordered to pay a £99 victim surcharge and £250 prosecution costs.

The offences were uncovered in October 2010 when the Practice Manager at College Practice GP surgery was asked to review Tennison’s attendance file. The review included a check of Tennison’s use of the patient records program, which showed that between 6 August 2009 and 6 October 2010 he had accessed patients’ records on 2023 occasions.

The majority of the records viewed related to women in their 20s and 30s. One woman’s record – believed to be a school friend of Tennison – was accessed repeatedly along with the record of her son.

The practice confirmed that Tennison only needed to access patients’ records on three occasions during this period, when the Practice Manager was on leave and he was responsible for investigating a complaint.

ICO Head of Enforcement, Stephen Eckersley, said:

“We may never know why Steven Tennison decided to break the law by snooping on hundreds of patients’ medical records. What we do know is that he’d received data training and knew he was breaking the law, but continued to access highly sensitive information over a 14-month period.

“The GPs and staff at College Practice GP surgery work hard to maintain the confidentiality of their patients’ records. The irresponsible actions of one employee have undermined their work and he is now facing the consequences of his unlawful actions.”

Unlawfully obtaining or accessing personal data is a criminal offence under section 55 of the Data Protection Act 1998. The offence is punishable by way of ‘fine only’ – up to £5,000 in a Magistrates Court or an unlimited fine in a Crown Court. The ICO continues to call for more effective deterrent sentences, including the threat of prison, to be available to the courts to stop the unlawful use of personal information.

No related posts.

Category: Health Data

Post navigation

← Look What I Found: Moar Pony!
Made In Oregon customers warned of data breach (update2) →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.