Nurse Fined After Admitting to Accessing Patient Records

A nurse has been dismissed and fined after admitting breaching the Data Protection Act by accessing patients’ confidential files over a two-year period.

According to local reports, Elaine Lewis, from Llansteffan, pleaded guilty at Llanelli Magistrates Court to obtaining personal data without permission between 8 July 2013 and 2 September 2015. That amounted to a breach of sections 55 and 60 of the Data Protection Act.

Although based at Glangwili Hospital, Lewis accessed patient records from a range of health facilities across the region, including Pembrokeshire, Carmarthenshire and Ceredigion, the Milford Mercury reported.

Lewis was fined £650, plus ordered to pay a victim surcharge of £65, and costs of £664.

The matter was referred to the ICO by the Health Board itself. The ICO has yet to respond to Infosecurity Magazine’s request for comment about whether any further action will be taken. The Court only has powers to fine the individual, a spokeswoman for the Health Board confirmed to Infosecurity Magazine.

The Hywel Dda University Health Board first disclosed the breach in July 2016 after an internal investigation found that Lewis had inappropriately accessed patient records. The Board contacted the affected patients and dismissed Lewis. The Health Board wouldn't confirm how many patients were affected, but did say it was a "large number". No information was changed and patient care was not affected, the Health Board added.

In a statement the Health Board said Lewis was, “dismissed for breaching patient confidentiality and acting outside of their professional code of conduct as well as the Health Board’s own policies on data protection and information governance.”

Steve Moore, chief executive of the The Hywel Dda University Health Board, said: “We are satisfied the Information Commissioner and the court have taken appropriate action against the individual in question and now that the investigation is complete we will be writing again to each patient directly affected by this matter to apologize and offer further support.

“Patient confidentiality is of paramount importance to us and since the initial incident we have put in place a series of measures to strengthen our information governance processes and procedures,” he added.

What’s hot on Infosecurity Magazine?