Illegal records access leads to fine
- 12 January 2012
A former health worker has pleaded guilty to unlawfully accessing the medical records of five members of her ex-husband’s family in order to get their new telephone numbers.
Juliah Kechil’s crime was discovered when the accesses were traced through audit trails using her smartcard ID.
Kechil, formerly known as Merritt, was a health care assistant in the outpatients department at the Royal Liverpool University Hospital.
She was convicted under section 55 of the Data Protection Act at Liverpool City Magistrates Court today, fined £500 and ordered to pay £1,000 towards prosecution costs and a £15 victim surcharge.
Kechil accessed the medical records of five peoplebetween July and November 2009.
Royal Liverpool University Hospital began an investigation in November 2009 when the defendant’s father-in-law contacted the hospital after receiving nuisance calls, which he suspected had been made by his former daughter-in-law.
He had changed his phone number in July 2009 following unwanted calls from Kechil and was immediately concerned that there had been a breach of patient confidentially.
Checks by the hospital revealed that all of the patients whose details had been compromised were not at any time under the medical care of Kechil and she had no work-related reasons to access their records.
Information Commissioner’s Office head of enforcement, Steve Eckersley, said the illegal accessing was a serious offence.
“Ms Kechil accessed medical records for entirely personal reasons. The breach of their privacy would obviously have been very distressing for the individuals involved,” he said.
“People should be able to feel confident that their personal details will be stored securely and only accessed when there is a legitimate business need. We will always push for the toughest penalties against individuals who abuse this trust.”
Unlawfully obtaining or accessing personal data is a criminal offence under section 55 of the Data Protection Act 1998. The offence is punishable by way of a financial penalty of up to £5,000 in a magistrates court or an unlimited fine in a crown court.
In a statement, the trust said: "We take data protection and the confidentiality of our patients very seriously.
"We thoroughly investigate any breaches of data protection and ensure that necessary disciplinary action is taken. This member of staff is no longer employed with us."