Please note that articles may contain affilitate links. As an Amazon Associate I earn from qualifying purchases.

Monday, 20 November 2023

Nosy NHS Secretary Unlawfully Accessed Medical Records

A nosy former NHS secretary has been convicted of unlawfully accessing the medical records of patients.

Loretta Alborghetti, 51, of Redditch, admitted an offence of unlawfully obtaining personal data when she appeared at Worcester Magistrates' Court on Wednesday, 15th November 2023.

It is an offence under section 170 of the Data Protection Act 2018 to obtain, disclose or retain personal data without the consent of the relevant data controller. This offence has a maximum penalty of an unlimited fine, whether tried summarily or on indictment.

Magistrates heard that Alborghetti was previously employed as a secretary in the opthamology department at Worcestershire Royal Hospital.

The Information Commissioner's Office (ICO) carried out an investigation at the hospital after receiving a complaint that the medical records of a patient had been unlawfully accessed.

The investigation confirmed that Alborghetti had accessed the medical records of an individual on 33 separate occasions between March and June 2019, when she did not have the necessary consent or a legitimate business need to do so.

Over the same period of time she accessed the medical records of 156 patients more than 1,800 times, again without the necessary consent or legitimate business need to do so. The ICO noted that many of these patients were known to Alborghetti and lived in her local area.

Alborghetti was required to access patient medical records as part of her role, but many of the patients concerned were not undergoing treatment in the opthamology department.

Magistrates imposed a fine, surcharge and costs on Alborghetti totalling £648.

Stephen Collman, the recently appointed managing director of Worcestershire Acute Hospitals NHS Trust, said: "Protecting patient and staff confidentiality and privacy is a matter of the utmost importance to us, we take any breaches of confidentiality extremely seriously.

"Where any member of staff is found to be in breach of our clearly communicated guidelines, we will not hesitate to take the appropriate disciplinary action and we will also co-operate fully when any further action, including prosecution is needed."

Andy Current, ICO head of investigations, said: "People should never have to think twice about whether their sensitive data, such as their medical records, is secure and in safe hands.

"We want to remind those in positions of trust that just because your job may grant you access to other people's personal information, that doesn't mean you have the legal right to look at it for your own purposes.

"This case shows that the ICO will take action when confidential personal records are accessed unlawfully. Curiosity is no excuse for breaching data protection laws."

No comments: