And while we’re talking about insider breaches, here’s a case from the U.K. From the Information Commissioner’s Office:
A nursing auxiliary has been fined for accessing a patient’s medical records without a valid legal reason.
Marian Waddell, 61, was working at the Royal Gwent Hospital in Newport when she unlawfully accessed the records of the patient, who was known to her, on six occasions between July 2015 and February 2016. She did so without a valid business reason and without the knowledge of the data controller, the Aneurin Bevan University Health Board.
Waddell, of Walsall Street, Newport, admitted unlawfully accessing personal data in breach of s55 of the Data Protection Act 1998 when she appeared at Cwmbran Magistrates’ Court. She was fined £232 and was ordered to pay £150 costs as well as a £30 victim surcharge.
Of the eight criminal prosecutions the Information Commissioner’s Office (ICO) has brought in 2017 against NHS employees for breaching patient privacy, three have been in Wales.
Read more on the ICO’s site.