Information Commissioner's Office
Former NHS secretary found guilty of illegally accessing medical records
A former NHS employee has been found guilty and fined for illegally accessing the medical records of over 150 people.
Loretta Alborghetti, from Redditch, worked as a medical secretary within the Ophthalmology department at Worcestershire Acute Hospitals NHS Trust when she illegally accessed the records.
In June 2019, a complaint was raised by a patient who was concerned that their medical records had been accessed by an employee.
An investigation revealed that Ms Alborghetti had accessed this individual’s records 33 times between March 2019 and June 2019, without consent or a business need to do so.
It further discovered that she had accessed a total of 156 patient records without consent or a business need, viewing them over 1800 times within the three-month period. This included the records of family members and individuals with postcodes local to where she lived at the time.
As part of her role as a medical secretary, Ms Alborghetti was required to access clinical and personal information of patients within the ophthalmology department. However, the individuals whose records were accessed had no medical conditions relating to ophthalmology.
Ms Alborghetti appeared before Worcester Magistrates’ Court on 15 November 2023. Following the investigation from the Information Commissioner’s Office, she pleaded guilty to unlawfully obtaining personal data in breach of Section 170 of the Data Protection Act 2018 and was ordered to pay a total of £648.
Andy Curry, ICO Head of Investigations said:
“People should never have to think twice about whether their sensitive data, such as their medical records, is secure and in safe hands.
“We want to remind those in positions of trust that just because your job may grant you access to other people’s personal information, that doesn’t mean you have the legal right to look at it for your own purposes.
“This case shows that the ICO will take action when confidential personal records are accessed unlawfully. Curiosity is no excuse for breaching data protection laws.”
Notes to Editors
- The Information Commissioner’s Office (ICO) is the UK’s independent regulator for data protection and information rights law, upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
- The ICO has specific responsibilities set out in the Data Protection Act 2018 (DPA2018), the United Kingdom General Data Protection Regulation (UK GDPR), the Freedom of Information Act 2000 (FOIA), Environmental Information Regulations 2004 (EIR), Privacy and Electronic Communications Regulations 2003 (PECR) and a further five acts and regulations.
- The ICO can take action to address and change the behaviour of organisations and individuals that collect, use, and keep personal information. This includes criminal prosecution, non-criminal enforcement and audit.
- To report a concern to the ICO telephone call our helpline on 0303 123 1113, or go to ico.org.uk/concerns.
Latest News from
Information Commissioner's Office
Statement on Court of Appeal judgment on Freedom of Information Act appeal24/11/2023 09:20:00
The Court of Appeal has ruled against the Information Commissioner’s Office (ICO) in a Freedom of Information Act 2000 appeal regarding the ability to aggregate public interest factors for and against disclosure when applying exemptions under the Act.
Statement regarding the outcome of the Independent External Review of Lancashire Police’s handling of the Nicola Bulley case21/11/2023 12:25:00
Statement regarding the outcome of the Independent External Review of Lancashire Police’s handling of the Nicola Bulley case.
Information Commissioner seeks permission to appeal Clearview AI Inc ruling20/11/2023 12:25:00
The UK Information Commissioner is seeking permission to appeal the judgment of the First Tier Tribunal (Information Rights) (Tribunal) on Clearview AI Inc (Clearview).
What to consider when using online forms to receive information requests16/11/2023 11:10:00
Are you using online forms to receive information requests?
‘Be smarter than your smart tech’ – ICO issues top tips for consumers buying smart devices on Black Friday16/11/2023 10:10:00
The Information Commissioner’s Office (ICO) has shared its top tips to support consumers shopping smart tech this Black Friday.
Assessing data protection practices of UK tracing agents14/11/2023 12:25:00
Blog posted by: Anthony Luhman, ICO Director of PACE Projects and Interim Director of Investigations, 14 November 2023.
ICO and European Data Protection Supervisor (EDPS) sign Memorandum of Understanding09/11/2023 12:25:00
The UK Information Commissioner’s Office (ICO) and the European Data Protection Supervisor (EDPS) have signed a Memorandum of Understanding (MoU), which reinforces their common mission to uphold individuals’ data protection and privacy rights, and cooperate internationally to achieve this goal.
An apology from the ICO to Dame Alison Rose06/11/2023 16:20:00
The ICO recently investigated a complaint from Nigel Farage.
Information Commissioner’s Office issues three fines totalling £170,000 for illegal direct marketing02/11/2023 12:25:00
Three companies offering financial services have been fined £170,000 collectively by the Information Commissioner’s Office (ICO) for illegal direct marketing under the Privacy and Electronic Communications Regulations (PECR).