So you admit this is Fakenham news
Sorry, been a long week
A bored trainee secretary at a GP practice has been fined for snooping on the health records of colleagues, friends and strangers. Hannah Pepper has to pay £1,028.75 after she was found to have illegally accessed 231 patient files while working at the Fakenham Medical Practice in Norfolk, an eastern county in the UK (for US …
... I want to make sure you are nowhere near me or any of my family.
"essentially it sounds like she had a boring job and probably very low paid ... I wonder how many of us here would not have done the same thing in that situation?"
Most of us would not have done the same thing. I've seen my not-particularly inspiring salary eroded time and time again as the minimum wage goes up way quicker than mine and my colleagues' (public sector pay freezes etc) but we wouldn't dream of doing this even if we had the time to spare.
This isn't like taking a peek inside your bag at work, it's confidential information for a reason - what would you do if you found out one of your co-workers only had a short time to live, or had a really embarrassing condition or something else they really, REALLY didn't want you to know about?
How would you feel if it was you who had the secret and someone found it out?
It's an easy step from finding something "interesting" in someone's file to just having to share it with one other person, and then you or they share it with someone else because it's just too damn interesting to keep to yourself, and before you know it the tiny little mushroom cloud is out and it's too damn late to put it back in that nice shiny uranium sphere.
I hope you never have to go through the agony of seeing someone you know have their life destroyed because someone else didn't understand the concept of "keep your f***ing nose out"...
I understand how you feel but you're living in a fool's world (sorry, no insult) if you think that information like this is hidden and only seen by you and your doctor.
Look at the world these days, everything is stored somewhere and it's all accessible to people - the police can get at it, along with GCHQ, the local council, the insurance company can all get at it legally, it can be anonymized (in theory) and used for research - check the small print at the end of the small print in every document that you have signed. Did you buy any medicine with a credit card - can you even guess how many people that information has been sold to?
You have no secrets, it's time to grow up and realize that the world (as defined by "big data") is not your friend, it just wants you to think that it is - you are just a tasty meal.
Quote:
I understand how you feel but you're living in a fool's world (sorry, no insult) if you think that information like this is hidden and only seen by you and your doctor.
Well after reading this, I called up the bored receptionist at your doctor's to find out you had an AIDS test 3 months ago, as well as a check up at the sexual health clinic.
And the details have leaked up because you think everyone hoovers up all of your details
BTW, your wife wants a divorce because "WTF were you doing at a sexual health clinic, let alone having an AIDS test", your employer has said "Oh an AIDS test... you must be a druggie, you're fired", and your health insurance co just found out and raised your premium by 500%.
Oh and having a 4" penis is a bit on the small side too.
You must have got the wrong records, it's 8 inches, flaccid.
I do occasionally handle confidential data and I keep it confidential, but I'm not going to take the "holier than thou" attitude and assume that everyone else does - your list shows your biases (some of which are not pretty) and an attitude that would concern me if I were in charge of you handling this type of data - you sound like the sort of person who would peek into records.
I'm not saying that it's right to leak information, but I think that we are all living in a fool's world if we think that it doesn't happen - sometimes illegally but most of the time legally.
your employer has said "Oh an AIDS test... you must be a druggie, you're fired
Boris, I totally agree with your post and have upvoted it.
However, the part I've quoted might vary more than many people realise. I've had an AIDS test, at a previous employer's insistence. It was part of their hiring criteria, because they were privately funding life insurance for us and wanted to rule out pre-existing conditions that may have affected it. As you'll realise, this was a couple of decades ago.
So, yes, the receptionist should be punished because what she did was very wrong. However, not all employers will react badly - though she had no way of knowing how anyone's employer would react.
I've had boring jobs. I had an internship back in my university days where I had very little to do, was being paid very little, and did not feel great about it. I could have broken into so many things; the company had a bunch of systems and wasn't great at security. People's documents, communications, and systems were open wide to me, and I couldn't even have gotten caught because my job gave me a perfect excuse for going into any clients' systems (it shouldn't have, but it did). I didn't. I didn't because that would be wrong.
When I had time where there was nothing to do, and I was very bored, I'd look for extra work that needed to be done. But sometimes there wasn't any. So I wasted time on finding out the optimal size of a binary chunk for getting the least time when running different hashing algorithms (incidentally, at that time it was 256 kilobytes for SHA1 and 512 kilobytes for MD5, now it's almost certainly different). I wrote reports on things the managers would never read, but at least I got to research and learn about those things. In short, I found ways to spend my time that were entirely ethical. I respected my employer, only doing something else if there was no work to do, but above all I respected everyone who trusted them, and did not violate their trust. I would hope that everyone reading this would do the same.
Posting anonymous because I've been let's say very honest about this company's competence.
As an IT contractor with medical customers I have access to their practice management systems at an administrative level. I could access every record without leaving a trace.
I have never taken so much as a sneaky peek at anything other than the test patients (which are quite intentionally filled with humorous medical conditions). To do so is a gross breach of trust and I would be sickened to discover that anyone other than an authorised doctor had read my medical record. That is the most personal data that can be held about a person.
Sorry to inform you, but medical practitioners like your GP or consultant rely heavily on administrative staff. They type up your records from various scribbles and Dictaphone notes and others read through them to ascertain whether you need any follow-up appointments.
But I'm happy to inform you, they are all as professional as your GP, and would never dream of reading any further into your records than is necessary, or divulging anything they have read.
To be honest, most admin staff will have forgotten every word they read about you once the task was done.
While working in a busy city hospital on very low pay, I had three years of unfettered access to the medical records of everyone in the city. On top of that I could easily have requested the records of any other UK citizen.
And I did read loads and loads of records, and request loads and loads of records from hospitals around the country, but not once was it out of curiosity. Every file I opened was due to a medical requirement, and was part of my job.
And while I speak for myself, I can assure you my colleagues were too busy and too professional to stoop to such disgraceful behaviour.
Be assured, the bored receptionist wouldn't have lasted a week before losing her job for unprofessional conduct, in my hospital and any other you care to mention.
You mean like the ones who have only one arm and one eye?
Fortunately for the commentards here Norfolk residents do not constitute a racial group as otherwise I think we'd have a potential hate crime on our hands.
Interestingly, a former MP for Norwich got in a lot of trouble for suggesting inbreeding caused a lot of health problems. He was actually a former professional biologist so arguably knew what he was talking about!
I know it doesn't mean that much, but at least the practice flagged it up to the ICO. It may be because it became public knowledge within the workplace or something, but it still got reported. I dread to think of the breaches that are dealt with on the 'hush-hush'.
Also no mention of a fine or reprimand for the practice so that suggests they were happy with their training and safeguards etc.
"Also no mention of a fine or reprimand for the practice so that suggests they were happy with their training and safeguards etc."
When the person doing the snooping is authorised to look at the data, there's not a lot you can do other than record all data accesses and every now and then check the logs to see if it all looks ok. That may well be how the snooping was spotted in the first place, in which case, yes, their training and safeguards are adequate.
This kind of thing is covered in annual training, and agencies are required to have such training--at least where I work. Just think; there are places where private information of celebrities and government officials can be looked up. Not only must there be training, but these things need monitoring and enforcement. I guess there are areas where these regulations need to be fortified just a bit.
How many of us have an "I read your e-mail" t-shirt in the closet somewhere? I am fully up with the "need to know" restrictions, I have them in my job, but I am paid a lot more than some clerical worker. And it's not about the money, if part of your job is to read and review medical files, and you read them all, because you are bored, I would just say you are being proactive.
Granted I don't wear my "I am root, fear me" or my "I read your e-mail" shirts much anymore, but still, chill.
The folks that read this site are (aherm) a pretty educated lot....
And even here it's going a bit doolally over whether or not the person was really causing any harm....
Sure, I might not want Sally next door to know my STD results, or work colleague Ben to know I had a bout of the sh1ts the other day and stank the loos out....
BUT....do I really care that much that someone who is qualified and authorised to read through my records as part of their job sifts through some personal data.....as long as they keep it to themselves, don't tell anyone and keep it as confidential as it's supposed to be.....the answer is, probably not.
But give a set of Daily Mail readers the same circumstances and wow, watch the sparks fly....she would be hung drawn and quartered, not just hit with a measly £1k fine!
I think the point is that she was caught reading a co-worker's file.....and it all escalated from there, with some goody two shoes that just had to involve the ICO....probably because of said Daily Mail readers....
This has gone waaay out of all proportion (hence the peanuts fine).
Now, if it was some hacker looking for medical records to use as extortion....that's when it's a real problem.....
Hannah Pepper has to pay £1,028.75 after she was found to have illegally accessed 231 patient files
No mention of it so I'm assuming the worst - to wit that she got to keep her job and the fine is all the punishment she's received.
Basically all she got was a slap on the wrist for an unforgivable breach of trust, utter lack of professional behaviour and giving in to pretty nasty urges.
I'd have insisted on her summary dismissal, a court order banning her from ever working in a similar position of trust again and fined her a lot more, a large part of which I'd earmark as compensation for those whose data she abused. (If unable to pay immediately, then attached from her salary in her next job.)
If the courts don't treat this sort of behaviour seriously, it's never going to stop.
"Her role required her to look at some medical records – lawfully – to help doctors, solicitors and insurance companies."
Doctors, well obviously, yes - the others, when and how did I consent to that? And by someone who clearly has no understanding of 'patient confidentiality'
BTW, the first 'ex' refused to go to a Doctors Surgery just over a mile from the house because one of the receptionists there knew her and she didn't want her gossiping about her medical stuff the way she did about other friends... She went to one just over eleven miles away so she could be gossiped about by a stranger (some of her 'issues' were worthy of a listen over a dry sherry or two to be fair).
In the US, HIPAA https://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act would have applied. The Feds would Not Have Been Amused. As far as I can see, m'girl would, at the least, have been liable for up to US$50,000 per offense to a max of $1,500,000. Or, if the judge wanted to heave the book at her (and he'd be a federal judge, they just love to throw the book, have a nice lapdog prosecutor go and retrieve it, and then throw it again) a fine of $50,000 per offense plus one year per offense ranging up to $250,000 per offense and 10 years in a federal pokey per offense, should the judge feel that there was an attempt to 'use individually identifiable health information for commercial advantage, personal gain or malicious harm'. That's 231 offenses. If she gossiped about even one, that's malicious harm, and she's looking at up to $250,000 and 10 years times 231. In the real world even the feds don't go for the max unless you piss them off, but they can if they want to.
M'girl got off lightly.
There is a reason why some people refuse to do any work involving health info. HIPAA has very big, very sharp, teeth, and the feds deploy it with fell intent. https://www.medprodisposal.com/20-catastrophic-hipaa-violation-cases-to-open-your-eyes Note that several of those cases involve people who did less than what m'girl did, and got seriously hammered.