It’s important to know who is accessing information
In a very recent Tribunal case, an NHS nurse named Julia has won £10,000 because her employers seemingly ‘allowed’ another member of staff called Lauren, to view her medical record.
In this case, Lauren claims she looked at Julia’s record as they wanted to send flowers after Julia announced she was pregnant (but it is thought that Lauren was sceptical about the pregnancy hence accessing the records). Sadly Julia later had a miscarriage.
It has been confirmed that no medical information was viewed. But it really doesn’t matter what the reason was or the level of information accessed, the actual access to the records was unauthorised and against data protection laws.
It is the employer who has to pay the bulk of this amount. Interestingly, this wasn’t through a civil or criminal court, or a fine imposed by the Information Commissioner who regulates data protection, but a case made at an Employment Tribunal via the Equalities Act. The financial award was for Injury to Feelings.
Oh, and incidentally, it was noted that the flowers were never delivered!
This case highlights just how important it is to have the correct procedures in place to control access to information about staff, clients, or customers, and reminds us that all staff should be trained in dealing with anyone’s personal data appropriately and confidentially.
If you need any guidance on policies and procedures, any support or bespoke training, please get in touch and we can have a chat.