From the Information Commissioner’s Office:
A former employee of a Milton Keynes hospital trust has been prosecuted for accessing patient records without authorisation.
Michelle Harrison, of Milton Keynes, inappropriately accessed the records of 12 patients outside of her role as receptionist/general assistant in the Orthotics Department at Milton Keynes University Hospital NHS Foundation Trust between March 2016 and January 2017.
These included the patient records of her ex-partner and a woman who claimed that Ms Harrison had used the information to harass her and had complained to the Trust.
The Trust contacted the Information Commissioner’s Office in March 2017 after they had received the complaint.
Harrison pleaded guilty to unlawfully accessing personal data and unlawfully disclosing personal data in breach of s55 of the Data Protection Act 1998 at Milton Keynes Magistrates’ Court on Friday 20 April. She was sentenced to offence 1 – £134, offence 2 – £166 and victim surcharge of £30.
Mike Shaw, Head of Criminal Investigations at the ICO, said:
”This abuse of a position of trust has caused significant distress to a number of people. The laws on data protection are there for a reason and people have the right to know their highly sensitive personal information will be treated with appropriate privacy and respect. The ICO will continue to take action against those who abuse their position and potentially jeopardise the important relationship of trust between patients and the NHS.”
So that’s it? If you snoop on patient records and then misuse the information to harass people, you may lose your job and get a fine of a few hundred pounds? Am I missing something here? How is this any kind of serious deterrent? Does the prosecution under s55 create some record that will cause problems going forward that might be a deterrent?