It is no secret that the healthcare sector experiences the highest number of data breaches annually. And the sector has become even more attractive to cyber criminals (and even more prone to human errors) given that, in recent months, health organisations have had to focus on the Coronavirus pandemic.

The NHS and all related health bodies hold and process a wide range of our personal information. Besides the contact detail of their patients and employees, these bodies hold extremely sensitive information about patients including medical health, treatments, ethnicity and even sexual orientation, details which if wrongfully disclosed can cause serious upset and distress to the victims.

The healthcare sector (and, for that matter, any body which collects and processes a person’s data) is required by law and can be held accountable if it fails to protect patients’ data.

In previous blogs we have raised the importance of healthcare providers maintaining appropriate security systems in order to protect themselves from cyber-attacks and of the importance in providing ongoing training to staff members to that ensure personal information is not being wrongly disclosed because of “human error”.

Read our previous blogs:

And whilst most NHS data breaches are caused by simple human error, there is another and more troubling type of data breach afflicting the NHS: the “Data Snoop”. This happens when NHS staff members look through a patient’s medical records simply to satisfy their curiosity. It may be that a hospital staff member is in the middle of his or her shift when an ex-partner attends a hospital appointment with their current partner. And the hospital worker thinks, “What harm can it do to have a quick look why they are attending hospital?”

It appears that some NHS workers are not familiar with the saying “curiosity killed the cat”!  However, it is unlawful to access patient records without a valid legal reason and the relevant NHS trust can be fined for non-compliance. And the offending staff member might lose his or her job.

The Information Commissionaire Office (ICO) does not hold back from prosecuting NHS workers who fail to comply with data protection regulations:

“Employees, who in many cases are very experienced and capable, are getting into serious trouble and often losing their jobs, usually over little more than personal curiosity.

“The laws on data protection are there for a reason and people have the right to know their highly sensitive personal information will be treated with appropriate privacy and respect. The ICO will continue to take action against those who abuse their position and potentially jeopardise the important relationship of trust between patients and the NHS.”

If you have reason to believe that a healthcare employee has been accessing your medical records without authorisation and outside the scope of their duties causing you distress, please get in touch with one of our solicitors at DRM Legal to help you obtain the  compensation you deserve.