GP consultation app launch met with some reservations

GP consultation app launch met with some reservations

November 10 2017 An app allowing patients to have an NHS consultation with GP using a smartphone...

ICO extends GDPR helpline with specific support for small organisations

ICO extends GDPR helpline with specific support for small organisations

November 6 2017 A dedicated helpline to support small organisations prepare for the General Data...

New document summaries data security and protection requirements for health and care services

New document summaries data security and protection requirements for health and care services

November 2 2017 New guidance on complying with the 10 data security standards recommended by the...

My Health Online system enhancements announced in Wales

My Health Online system enhancements announced in Wales

October 25 2017 The My Health Online (MHOL) system allowing patients to link to their GP practice...

EPS has saved prescribers £327 million

EPS has saved prescribers £327 million

October 13 2017 The Electronic Prescription Service saved £327 million for prescribers...

  • GP consultation app launch met with some reservations

    GP consultation app launch met with some reservations

    Friday, 10 November 2017 17:35
  • ICO extends GDPR helpline with specific support for small organisations

    ICO extends GDPR helpline with specific support for small organisations

    Monday, 06 November 2017 11:40
  • New document summaries data security and protection requirements for health and care services

    New document summaries data security and protection requirements for health and care services

    Thursday, 02 November 2017 16:34
  • My Health Online system enhancements announced in Wales

    My Health Online system enhancements announced in Wales

    Wednesday, 25 October 2017 15:33
  • EPS has saved prescribers £327 million

    EPS has saved prescribers £327 million

    Friday, 13 October 2017 10:03

a medical professional at computer cbAugust 15 2017

People handling patient records must have a valid reason to access the information in them, the Information Commissioner’s Office has warned.

 The reminder follows a Magistrates’ Court ordering a health care assistant to pay £1,715 after unlawfully accessing patient records without a business purpose. The hospital worker was given a fine and ordered to pay costs “after pleading guilty to offences of unlawfully obtaining and unlawfully disclosing personal data.”

Among the 29 patient records accessed by the health care assistant were those of “family members, colleagues and others where no connection with the defendant is known, between December 2014 and May 2016.

“Some of the information was subsequently shared with others. That was not only a breach of patient confidentiality but also against the Data Protection Act,” the ICO said this week.

It is one of several prosecutions the ICO has brought over the past few months. Head of Enforcement Steve Eckersley said: “Once again we see an NHS employee getting themselves in serious trouble by letting their personal curiosity get the better of them.

“Patients are entitled to have their privacy protected and those who work with sensitive personal data need to know that they can’t just access it or share it with others when they feel like it. The law is clear and the consequences of breaking it can be severe.”

The ICO pointed out that a new law, the General Data Protection Regulation (GDPR) will replace the Data Protection Act 1998 with effect from May 25 2018.

“The ICO can take action to change the behaviour of organisations and individuals that collect, use and keep personal information. This includes criminal prosecution, non-criminal enforcement and audit. The ICO has the power to impose a monetary penalty on a data controller of up to £500,000,” it said.

Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:

  • fairly and lawfully processed;
  • processed for limited purposes;
  • adequate, relevant and not excessive;
  • accurate and up to date;
  • not kept for longer than is necessary;
  • processed in line with the individual’s rights;
  • secure; and
  • not transferred to other countries without adequate protection.

The government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR.

Links:
ICO announcement          
ICO case summary            

Management News

November 16 2017 Scotland’s new General Medical Services contract could “reduce workload pressures and re-establish general practice as an attractive career choice,” the BMA has...
December 10 2015 A doctor may find themselves the subject of an investigation at any time in their career, from medical students to trainee doctors, GPs or consultants. Whether it’s an issue...