Secretary Fined For Accessing Scores of Patient Records

A former NHS secretary has been fined by the data protection regulator after illegally accessing the medical records of over 150 people.

The Information Commissioner’s Office (ICO) said that a complaint was first lodged back in June 2019, after a patient raised concerns that their records had been improperly accessed by Loretta Alborghetti, from Redditch.

Alborghetti worked as a medical secretary within the ophthalmology department of Worcestershire Acute Hospitals NHS Trust. Yet she accessed this particular individual’s records 33 times without consent between March 2019 and June 2019, a subsequent ICO investigation found.

The regulator then found that she had accessed a total of 156 patient records without consent or a business need, viewing them more than 1800 times within the three-month period. This included the records of individuals and their family members with postcodes local to where she lived at the time.

The people whose records she accessed apparently had no medical conditions relating to ophthalmology.

Read more on NHS privacy concerns: NHS to Share Patient Data with Third Parties, Fueling Privacy and Security Fears

ICO head of investigations, Andy Curry, argued that the public shouldn’t have to think twice about whether their medical data is in safe hands.

“We want to remind those in positions of trust that just because your job may grant you access to other people’s personal information, that doesn’t mean you have the legal right to look at it for your own purposes,” he added.

“This case shows that the ICO will take action when confidential personal records are accessed unlawfully. Curiosity is no excuse for breaching data protection laws.”

However, the size of the fine handed to Alborghetti (£648/$810) arguably falls short of that needed to send a clear message to others.

She pleaded guilty to unlawfully obtaining personal data in breach of Section 170 of the Data Protection Act 2018, according to the ICO.