NHS worker fined £500 for illegally accessing health records

A former NHS health worker has been fined £500 for illegally accessing the data of five members of her ex-husband's family in a breach of Section 55 of the Data Protection Act (DPA).

The five accounts were accessed by Juliah Kechil in 2009, while she was working for the Royal Liverpool University Hospital, in order to obtain the phone numbers of the ex-family members.

The alarm was raised by her former father-in-law who was suspicious that having changed his phone number to avoid nuisance calls from Kechil earlier in the year they soon started again.

He contacted the hospital which started an investigation in November 2009. By using an audit trail linked to her ID card, they discovered that Kechil had accessed the records despite there being no professional reason for her to do so.

As a result, she was ordered to pay a fine of £500, prosecution costs of £1,000 and a victims' surcharge of £15.

The Information Commissioner's Office (ICO) head of enforcement Steve Eckersley, said the case underlined the right for individuals to expect privacy when providing personal information to organisations.

"Unlawfully obtaining other people's information for personal gain is a serious offence, which can have potentially devastating effects," he said.

"The breach of their privacy would obviously have been very distressing for the individuals involved."

The ICO has repeatedly called for tougher sentencing guidelines around those who breach Section 55 of the DPA, arguing the threat of jail time needs to be introduced to provide a stronger deterrent against personal data theft.

In October 2011, MPs on the Justice Select Committee backed these calls from information commissioner Christopher Graham, urging the government to introduce jail sentences to curb this growing menace.