Hull man guilty of snooping on hundreds of medical records

A Hull man has been given a suspended sentence for looking at hundreds of women's medical records. Dale Trever, 22, was working for Hull Primary Care Trust as a "care data quality facilitator" when he accessed medical records of 413 female patients. The court was told he accessed records 597 times. He started his snooping …

COMMENTS

This topic is closed for new posts.
  1. The Other Steve
    Thumb Up

    Good show

    "Trever pleaded guilty to seven counts of breaking the Computer Misuse Act and said he'd acted out of idle curiosity."

    Oh look, it turns out curiosity IS a crime after all.

  2. Anonymous Coward

    I bet this isn't rare

    This sort of thing must go on all the time, not just in medical areas. I bet people in banks check out their mates' mortgages, police records, online store shopping histories etc.

    1. Anonymous Coward

      No...

      I can't speak from the point of view of Police or Online Shopping, but Banks (in the EU, at least) are very sensitive to this sort of thing. It may even now be a regulatory requirement, but there was a wake-up call when someone at Vodafone downloaded all of David Beckham's text messages and sold them to some tabloid.

      The bank that I work at has systems that detect if people's accounts are looked at and no work is actually carried out.

    2. copsewood
      Big Brother

      who does what with whose medical record has to be logged

      He didn't have to look at very many records he had no reason to view before the logs left behind of his illegal access caught up with him. And of course validity of these logs all depends upon cutbacks not cheapening systems to the point where it becomes feasible and routine for NHS person A to authenticate using NHS person B's credentials.

    3. Anonymous Coward
      Big Brother

      Re: I bet this isn't rare

      When I was doing desktop support at a BT call centre in Dundee, some customer service droid checked out Thomas Hamilton's account after the Dunblane Massacre. Later that day he was marched off the office floor (and then out of the building some time afterwards) by three spooky-looking suits assisted by two of her majesty's finest. Rumour had it that the suits actually flew up from Oswestry.

      It was also routine for the droids to receive calls from security goons immediately after having legitimately viewed/amended a high profile person's account. Your average BT account holder scum seemed to be fair game though.

      Those and such as those, I suppose.

  3. Anonymous Coward

    Thankfully

    None of my records should be on that system, should being the hopeful word.

  4. frank ly
    WTF?

    Wasn't this expected, predicted?

    "The court was told he accessed records 597 times..........Trever pleaded guilty to seven counts of breaking the Computer Misuse Act"

    Why wasn't this 579 counts of breaking the Act? Why did it take an 'on-the-ball' practice manager to 'suspect' this, instead of in-built warning systems to detect it?

    Have the people whose medical records have been browsed by this sad idiot been told that their data privacy has been breached and been advised of steps they can take to bring action against the idiot or the NHS? I doubt it. The only thing we can be sure of is that any Government organisation will totally foul-up any data protection obligations they have.

    1. John G Imrie
      FAIL

      Why?

      "Why did it take an 'on-the-ball' practice manager to 'suspect' this, instead of in-built warning systems to detect it?"

      Because it was built by the company that tendered the cheapest quote, meaning that to meet the budget and deadlines, as well as to speed up the system so it only took 2 minutes to log in to, the security module was reduced to a user name and password stored in plain text in the system database.

      The database was of course a MSSQL server with the default admin password open to anyone with a PC on the 'trusted' medical network.

  5. Destroy All Monsters

    Makes you want to go back to paper filing cabinets.

    Or you could convince the Bastard Operatrix to perform a quick DELETE FROM LOG, right?

    1. Anonymous Coward

      Err...

      Paper would stop this how? It may limit it, but it'll certainly be easier for any nosey employee of a practice to look at the records.

      Also - Paper records = no DR, I don't want my medical history accidentally destroyed.

    2. Anonymous Coward

      Sure....

      If you're using a mickey-mouse RDBMS.

      Real ones have areas that not even the DBA can remove without big fingerprints all over it.

  6. Rogerborg

    OH NOES TEH VICMISM!

    Lesson learned: next time you're rejected by a woman, just punch her in the teeth. You'll get far less than a 6 month jail term.

    1. Hollerith 1

      or, um...

      learn to accept a 'no, thanks' like a man?

      1. blackworx
        Paris Hilton

        @Hollerith1

        Irony detector malfunction in aisle 3

  7. David Pollard

    Opt Out

    In case there is anyone who hasn't opted out, to support their work, and for news about the NHS databases:

    http://www.thebigoptout.com

  8. Anonymous Coward
    Stop

    6 months eh?

    Same sentence as the policeman got for assaulting a woman in custody.

    http://uk.news.yahoo.com/4/20100907/tuk-policeman-sentenced-to-six-months-fo-dba1618.html

    It seems we have a sense of proportion failure somewhere, and no, I'm not saying which is right, if any, just that they don't equate in my view.

    1. Anonymous Coward

      suspended

      the sentence was suspended - he'll only do time if he does something stupid in the next 2 years.

      1. Anonymous Coward

        What, like assault someone, or read some records?

        That is all

  9. Anonymous Coward
    Thumb Up

    At least the Police have a policy in place

    They randomly pick PNC checks and ask you to justify your reasons for requesting it. I gave a fixed penalty to a car on my street (it was blocking the road) and needed a PNC check to see if I could locate the owner first. Within a day I had a letter asking to prove this was a legitimate check.

    1. Anonymous Coward

      Yes but...

      Having had 1st hand experience on the PNC side of that, they do nothing about it even if you can't prove it.

      Most stations just use the PNC terminals with the user that logged in at the beginning of the shift taking the rap for all the searches done.

  10. A J Stiles
    Unhappy

    Seems harsh

    The offence should be committed when someone *acts on* information they were not supposed to have known (including passing it on to a third party), not when they merely discover it. At least credit people with a bit of discretion, FCOL.

    1. John G Imrie

      I guess they did

      Which is why he is not currently in prison.

    2. The Other Steve
      FAIL

      Not to sane people it doesn't

      "The offence should be committed when someone *acts on* information they were not supposed to have known"

      No, the offence is clearly defined (why do I have to keep repeating this every time a CMA story comes along) by S1 of the CMA. You don't get to break the law and then say "no harm, no foul", it doesn't - and shouldn't - work like that.

      For the hard of thinking, the offence was not "looking at the data", but breaching the CMA in getting access to the data to look at in the first place, m'kay ?

      1. A J Stiles

        I know what the law says

        I know what the law says, I just think it's a bad law.

        If someone finds out something that wasn't specifically volunteered to them, but manages to keep quiet about it anyway, then I really don't see the harm in that.

        Of course, knowing something that you weren't supposed to know can sometimes create interesting situations (such as knowing that the gas fire in the holiday cottage where you have been sleeping with your mistress has been chuffing out CO, but not being able to warn your wife about it before she takes the kids there for a surprise holiday for fear of your affair being discovered) but they are the exception, and should be dealt with on a case-by-case basis.

        It's not so much that other people know things about you that you'd rather they didn't, as that you know they know those things.

  11. AndrewG
    WTF?

    Oh Cool

    So now there's proof that you can whip through those huge databases that UK poli's have been saying are "Absolutely Secure", collect whatever information you want, and then just walk off the charge by saying you were curious.

    Six months suspended is a joke!

  12. dephormation.org.uk
    Alert

    NHS Summary Care 'Opt Out' form

    NHS Summary Care 'Opt Out' form;

    http://www.nhscarerecords.nhs.uk/options/optoutform.pdf

  13. Yet Another Anonymous coward

    Good job I don't live in Hull

    My NHS records are completely secure, that nice minister said so.

  14. JaitcH
    FAIL

    Another reason why ...

    centralised health records are dangerous. Centralised anything in fact, and amalgamated multiple databases are even worse.

    Patients can easily be given a memory fob on which all their medical data is stored and handed over for perusal or updating by a doctor. Prescriptions could also be entered and the chemist/pharmacist would have limited read/write rights so no duplicate prescriptions can be issued without authority.

    It will stop double-doctoring, too, no dongle - no service except in emergency.

    I attended a hospital in Toronto for around 7 months and my electronic record, including X-rays was around 5 megabytes - which was copied, at my request, to my dongle.

    1. kwah
      Coat

      Wait, WHAT!?

      They let you plug your USB dongle into a machine with access to patients'/'s medical data???

      Haven't you heard about these new fangled tech things called viruses? You wouldn't want to expose your doctor to those - they don't have a vaccine for that kind yet! Quick! Call the CDC!

      Mine's the one with the correctly set up hardware/software policies. Saved to a USB dongle of course.

  15. Nick 10

    This is what happens

    When you restrict people's internet access at lunchtimes. They have nothing better to do, and can't look on spacebook, so they idly flick through random women's medical records. If they'd have let him browse porn at lunchtime, there'd be no problem.

  16. Anonymous Coward
    WTF?

    For Ten Points and A Gold Star

    Can anyone explain what a "care data quality facilitator" means?

    1. The Other Steve

      We used to call them

      Data Entry Monkeys.

  17. Anonymous Coward
    Coat

    clever trever

    Couldn't resist ... Coat already on & leaving now....

  18. Anonymous Coward

    not new

    I was "let go" from a job for looking up an email-friend-but-also-customer's phone number on the computer, and she complained ..... 22 years ago, and we got married soon after..!

    Slightly more recently ... somewhere in a different ex-employer's email archives might yet still be several complete copies of GP medical systems that I worked on, doing a data-conversion between systems. Wonder if the DPO should ask them..

  19. Anonymous Coward

    Nothing new

    Meh, happens all the time everywhere someone has access to personal records. You're naive if you think otherwise... And it always has, even back in the good old days of folders and filing cabinets.

  20. adrianww
    Pint

    Several people...

    ...mentioning the (bloody awful) summary care records system here. And it does, indeed, have its issues and I must get around to opting out of it, however this doesn't necessarily mean that he used the summary cockup system to get the info. It could have come from whichever local patient management system was being used.

    Or did the article mention that he used the SPINE/whatever they're calling it this week to get the info? (Apologies to all if it did, but it's well on the way to beer o' clock here and I'm tired...)

  21. Anonymous Coward
    Black Helicopters

    An ex-employee of ours became "ex"

    after it was discovered he was reading world+dog email on the corporate system.

    Considering it was a local authority, it was a lot of emails he had access to.

    Didn't think it warranted sacking him, I'm sure any IT techie will admit to having a snoop at some point.

    Perk of the job sometimes....

    1. Geoff Campbell
      Flame

      Sorry, no. Not even in jest.

      I am a professional. In 20 years of dealing with email systems, personnel databases, payroll systems, whatever, I have *never* looked at any data without first seeking authorisation and having a damn good reason for doing so.

      Anyone who thinks the data is there for their personal amusement should on no account be allowed access to any systems, of any sort.

      GJC

  22. miknik

    NHS don't care about your data

    A hospital near me closed in 1985 and stood derelict until 2006, after exploring it thoroughly (boys will be boys) we found a room filled with filing cabinets containing people's medical records. As far as I know they remained there until the day the building was razed.

    It doesn't matter how your data is stored, if the organisation storing it isn't particularly interested in keeping it safe, then it won't be safe.

  23. Anonymous Coward
    WTF?

    slap on the wrist then

    "six months, suspended for two years" perhaps my legal parlance is not sufficient here but that sounds like: don't be a naughty boy for two years or we might lock you up.

    nice to see the courts hold our private data to a high regard.
