As the year comes to an end, the successful prosecution of a former GP surgery manager for serious data breaches reminds us why we remain deeply concerned about lax attitudes towards our medical data. We have consistently argued that patients should have more control over their medical records and proper punishments should be issued to those who abuse their access to this information.
In September we wrote about the concerns of many GPs about the new NHS care.data system. Patients have had zero direct communication from the NHS about the program; the patient information posters are wholly uninformative and have only been displayed in GP surgeries, rather than being sent directly to patients. It is very simple: any change to how medical data is used should mean that we are notified to the highest standards, with an easy opt-out process.
Just this week a former GP surgery manager was prosecuted for serious data breaches, highlighting why we believe that patients should have the right to know if their medical records are found to have been illegally accessed. In this case, an individual had illegally accessed the medical records of more than 1,940 patients. Many of the records related to women in their 20s and 30s whilst the records of one woman, who is believed to be a school friend, and her son were accessed repeatedly.
Despite being found guilty, the punishment was merely fines of £996, a £99 victim surcharge and £250 prosecution costs. Until courts are able to hand out proper punishments to people who violate our privacy, individuals will continue to choose to ignore the law. The ICO and BBW remain frustrated about the lax punishments that are handed out for section 55 offences, and we repeat our call for more effective sentences, including the threat of prison, for those found unlawfully accessing or disclosing personal information.