Need-to-know
At least they do audits in this regard. But why did he have access to those records in the first place? One would think his access could and should have been limited to data related to the local residential care homes.
A pharmacist who unlawfully spied on family and friends’ medical records has received a modest fine after he was convicted of data protection offences. Harkanwarjit Dhanju, 50, was convicted of unlawfully accessing the medical records of family members, work colleagues and local health professionals while working as a " …
From my knowledge of GP and pharmacy systems there do not seem to be any filters based on where you live . Access filters are based on *which areas of the record* you can look at e.g. in eMIS I could only look at the medication record but not the detailed consultation record. In order to do a medication review, this person would need full access to current and previous medicines prescibed and at least a summary consultation/medical record. It would have been quite possible to request individual records as paper copies but most nursing homes have all their residents registered with a single practice (unless the residents are temporary/rehabilitation/respite care) so the pharmacist was working within the practice premises.
I'm suprised the guy did this - he knew he shouldn't be looking at the records (it's part of university and professional training) and cases of health care workers discovered doing this sort of thing and being sacked are quite prominently publicised to staff by health authorities.
I would think the General Pharmaceutical Council will be very interested in his case - they are notoriously more likely ,(just as when the register was held by the Pharmaceutical Society) to suspend or remove from the register compared to the GMC and nursing bodies. Conviction of a criminal offence is almost certain removal from the register.
Conviction of a criminal offence usually means removal from the GMC too. And I think that both the GMC and GPC pale into significance compared to the "eat your young" approach that the nurses have... probably related to ability of the individual to take a stand against their professional organisation.
Otherwise, completely agree.
IANAL
IIRC "conspiracy" applies to any offence - and it could carry a higher sentence than the conspired offence itself. Presumably an automatic Crown Court trial even if the conspired offence was a Magistrate Court one. In the past Police "fishing" expeditions seemed to use an arrest for "conspiracy" - when they had no other evidence to justify a search of someone vaguely connected to a suspect.
"From the report it looks as if ye was doing this off his own bat. So no conspiracy. It takes two to conspire."
What if he had a split personality? Obviously the fine should then be reduced in proportion to the number of personalities that made him do it, and the total that he has.
Believe it or not digitization of records has actually helped auditability. When I worked in a hospital, I could go to the records library and pull any record at any time; all I needed to do was trace it out somewhere. With digital records every time someone looks at a record, an audit trail is recorded. Not just "where the paper record should physically be".
It can be quite hard sometimes to avoid seeing records for someone you know. Chances are you know someone who is diabetic, so if you work in the local diabetes service at some point you are going to be looking at a letter and think "hang about, I recognise this guy". Likewise, if you work in a hospital and are referred in, if you know anyone in the appointments team they are going to be handling your referral. There is not much you can do about this type of "correct" access; locking records down is only done exceptionally (the fact that someone is diabetic is relevant if they see an eye surgeon about a cataract for example). So, everyone from the clerk upwards gets training to act in a professional manner, and you make a silent audit trail of every access and change so that if someone does act incorrectly, you can discipline them for it after the fact; as well as a fine you are almost certainly going to lose your job in cases like this, and if you are a professional, possibly your licence to practice.
reactively addressing the issue is not sufficient enough. They should have systems in place to prevent those that should not be seeing those records from accessing them. If i haver a reason for checking a patients record, i should not be able to check some other patients record too. Perhaps some authorised person needs to grant specific permission to the viewer to view that specific record. That should stop opportunist viewing of unrelated records. Yes i appreciate it would cost more and take longer, but it would add trust into the system and perhaps people wouldn't be so against having their records digitised knowing there where robust checks and balances in place.
'The offence is punishable by way of “fine only” - up to £5,000 in a magistrates' court or an unlimited fine in Crown court. The ICO continues to call for more effective deterrent sentences, including the threat of prison in the most serious cases, to deter the unlawful use of personal information.'
What's the point of calling for more effective sentences & then failing to make use of the existing sentencing regime by not taking this to the Crown Court?
"But they have to go much higher."
Why? He'll probably be fired, he'll probably lose his professional registration, and even if he doesn't he'll struggle to get another job in the same field. The fine is symbolic, but chances are he'll lose a lot more than £1,000.
Assuming you work as an IT professional with some experience and training, imagine how much you'd lose if you did something wrong and overstepped the mark, and were banned from further work in IT? What would you do as a suddenly unskilled worker, and how much would your new job pay?
I'd guess we're talking about somebody on a (guessing) £60k salary on a full time basis, maybe more. What can he do now and what will he earn? Some form of non-NHS administration, paying perhaps £15k if he's lucky. He might build a new career in some new field, but I'd guess that his loss from this conviction must approach £250k over the next few years, unless a family member or friend finds him some equally paid director type of job.