The Information Commissioner’s Office (ICO) has levied a fine against Loretta Alborghetti, a former NHS secretary, for unlawfully accessing more than 150 patient records without consent or legitimate reasons. This breach of privacy came to light after a patient filed a complaint in June 2019, leading to an investigation that revealed Alborghetti accessed one individual’s records 33 times between March and June 2019 without proper authorization.
Further scrutiny found that she had inappropriately viewed a total of 156 patient records over 1800 times within that three-month period, including records of individuals and their family members residing near her locality, despite no medical affiliation with ophthalmology, her department.
ICO’s head of investigations, Andy Curry, emphasized that the public should be confident in the safety of their medical data and cautioned against unauthorized access, stating that job-related access does not grant legal rights for personal use.
While Alborghetti pleaded guilty to unlawfully obtaining personal data in violation of the Data Protection Act 2018, the £648 ($810) fine imposed has sparked debates over its adequacy to deter similar breaches in the future. The case underscores the ICO’s commitment to taking action against unlawful access to confidential personal records and serves as a reminder that curiosity does not justify infringing data protection laws.
