Health worker convicted of obtaining patient details unlawfully
Add an article Back to list
Issued
12 January
2012
A former health
worker has pleaded guilty to unlawfully obtaining patient information
by accessing the medical records of five members of her ex-husband’s
family in order to obtain their new telephone numbers.
Juliah Kechil,
formerly known as Merritt, a former Health Care Assistant in the
outpatients department at the Royal Liverpool University Hospital, was
convicted under section 55 of the Data Protection Act at Liverpool City
Magistrates Court today. She was fined £500 and also ordered to pay
£1,000 towards prosecution costs and a £15 victim surcharge.
Ms Kechil accessed
the medical records of the five individuals between July and November
2009. Royal Liverpool University Hospital began an investigation in
November 2009 when the defendant’s father-in-law contacted the hospital
after receiving nuisance calls which he suspected had been made by his
former daughter-in-law. Having changed his phone number in July 2009
following unwanted calls from Ms Kechil, he was immediately concerned
that there had been a breach of patient confidentially.
Checks by the
hospital revealed that all of the patients whose details had been
compromised were not at any time under the medical care of Ms Kechil
and she had no work-related reasons to access their records. She
accessed the information for her own personal gain without the consent
of her employer. The accesses were traced through audit trails which
were linked to the defendant’s smartcard ID.
Head of
Enforcement, Steve Eckersley, said:
“Unlawfully
obtaining other people’s information for personal gain is a serious
offence which can have potentially devastating effects. Ms Kechil
accessed medical records for entirely personal reasons. The breach of
their privacy would obviously have been very distressing for the
individuals involved.
“People should be
able to feel confident that their personal details will be stored
securely and only accessed when there is a legitimate business need. We
will always push for the toughest penalties against individuals who
abuse this trust.”
Unlawfully
obtaining or accessing personal data is a criminal offence under
section 55 of the Data Protection Act 1998. The offence is punishable
by way of a financial penalty of up to £5,000 in a Magistrates Court or
an unlimited fine in a Crown Court. The ICO continues to call for more
effective deterrent sentences, including the threat of prison, to be
available to the courts to stop the unlawful use of personal
information.
If you need more
information, please contact the ICO press office on 0303 123 9070 or
visit the website at www.ico.gov.uk
Notes
- The Information Commissioner’s Office upholds information
rights in the public interest, promoting openness by public bodies and
data privacy for individuals.
- The ICO has specific responsibilities set
out in the Data Protection Act 1998, the Freedom of Information Act
2000, Environmental Information Regulations 2004 and Privacy and
Electronic Communications Regulations 2003.
About the Author
The Information Commissioner’s Office is the UK’s
independent authority set up to uphold information rights in the public
interest, promoting openness by public bodies and data privacy for
individuals. We do this by promoting good practice, ruling on
complaints, providing information to individuals and organisations and
taking appropriate action when the law is broken.
The ICO enforces and oversees the following
legislation:
- Data Protection Act 1998
- Freedom of Information Act 2000
- Privacy and Electronic Communications
Regulations
2003
- Environmental Information Regulations
2004
