A former manager of a GP surgery has pleaded guilty to charges of unlawfully obtaining personal data using the doctors’ patient records program.
The Information Commissioner’s Office (ICO) found that Steven Tennison, 37, had accessed the medical records of about 1,940 patients registered at College Practice GP surgery in Maidstone, breaching the Data Protection Act (DPA).
Many of the records viewed by Tennison, who oversaw the finances of the surgery, related to women in their 20s and 30s. The records of one woman - believed to be a schoolfriend of Tennison - and her son were accessed repeatedly.
The offences were uncovered in October 2010 when the practice manager at the surgery reviewed Tennison’s attendance file, which included looking at his use of the patient records program.
The manager found that Tennison had accessed records 2,023 times between 6 August 2009 and 6 October 2010. During this time, the GP practice said that Tennison was only authorised to access the records on three occasions when the practice manager was on leave and he was responsible for investigating a complaint.
Stephen Eckersley, ICO head of enforcement, said: “We may never know why Steven Tennison decided to break the law by snooping on hundreds of patients’ medical records. What we do know is that he’d received data training and knew he was breaking the law, but continued to access highly sensitive information over a 14-month period.”
Tennison was fined £996 at Maidstone Magistrates Court and ordered to pay a £99 victim surcharge and £250 prosecution costs.