Welsh GP administrator fined for illegally accessing patient records

A former GP administrator has been fined hundreds of pounds by the Information Commissioner Officer (ICO) for unlawfully accessing patient records.

Sally Anne Day, formerly of Powys Teaching Health Board, was fined £400 by the ICO.

Day repeatedly and unlawfully accessed the medical records of two patients between August 2015 and July 2016.

She was fined £200 for each offence and was also ordered to pay £350 costs and a £40 victim surcharge.

Day accessed the first patient’s confidential records 51 times, and the second patient’s records on a further eight occasions.

She appeared for sentencing at Newport Crown Court having pleaded guilty to the two offences under section 55 of the Data Protection Act.

Day subsequently quit her job as an administrator for Powys Teaching Health Board based at a GP surgery.

The case – which was brought by the ICO – was originally listed at Cwmbran Magistrates Court but was transferred to the crown court, due to the serious breach of trust involved and the number of times the data subjects’ confidential records were illegally accessed.

The ICO’s enforcement group manager Michael Shaw said: “Once again we see people getting into serious trouble by ignoring patient confidentiality and their data protection responsibilities”.

“Those who work with sensitive personal information need to be aware that if they access that information without good reason, they could well find themselves in court and end up with a criminal conviction.”

medConfidential coordinator Phil Booth said this demonstrates the necessity  for every patient to be able to see when their records have been accessed.

“It also shows why such information both helps GPs and reduces concerns of patients”. Booth said.