Prosecution for illegal records access

  • 3 December 2013
Prosecution for illegal records access
Patient records: going online

 A former GP surgery manager has been prosecuted and fined for illegally accessing the medical records of nearly 2,000 patients, most of whom were women in their 20s and 30s.

Steven Tennison pleaded guilty to charges of unlawfully obtaining personal data of patients at College Practice GP surgery where he worked as a manager overseeing finances.

Maidstone Magistrates Court convicted Tennison, who was fined £996 and ordered to pay a £99 victim surcharge and £250 prosecution costs.

Tennison was found to have accessed patient records 2,023 times between 6 August 2009 and 6 October 2010. He only needed to access patient records on three occasions during this time.

Most of the records he viewed were related to women in their 20s and 30s, including the records of one woman, believed to be a school friend of Tennison- which were accessed repeatedly, along with those of her son.

The crime was discovered in 2010 when the practice manager at the surgery was asked to review Tennison’s attendance file.

The head of enforcement at the Information Commissioner’s Office, Stephen Eckersley, said that Tennison knew he was breaking the law when he accessed the records.

“We may never know why Steven Tennison decided to break the law by snooping on hundreds of patients’ medical records,” he said.

“What we do know is that he’d received data training and knew he was breaking the law, but continued to access highly sensitive information over a 14-month period.”

He added that staff at College Practice GP surgery work hard to maintain the confidentiality of patient records.

“The irresponsible actions of one employee have undermined their work and he is now facing the consequences of his unlawful actions,” said Eckersley.

Unlawfully obtaining or accessing personal data is a criminal offence under section 55 of the Data Protection Act 1998. The offence is punishable by way of a fine of up to £5,000 in a magistrate’s court or an unlimited fine in a crown court.

The ICO is calling for a more effective sentence, including the threat of prison, to be available to the courts.

 

 

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

Advanced fined £6m over stolen patient data in 2022 cyber attack

Advanced fined £6m over stolen patient data in 2022 cyber attack

The Information Commissioner’s Office has imposed a £6.09m fine on Advanced for failing to protect personal information during a cyber attack.
ICO guidance on transparency published for health and care sector

ICO guidance on transparency published for health and care sector

New guidance has been issued by ICO over how health and care organisations should be transparent over the use of personal information.
World Health Organisation launches Global Initiative on Digital Health

World Health Organisation launches Global Initiative on Digital Health

The World Health Organization Tuesday launched its new Global Initiative on Digital Health, designed to aid country-led digital health transformation.