Two doctors, a consultant and two nurses at the Salford Royal Hospital in Greater Manchester are being investigated for allegedly accessing Sir Alex Ferguson's medical records in May.
Medical records accessed by unauthorised staff
The former Manchester United manager's medical records were reportedly accessed when he was undergoing a surgery at the hospital after suffering a brain haemorrhage. He stayed at the hospital for over a month between May and June to recuperate in intensive care in the aftermath of the successful surgery.
According to the Salford Royal NHS Foundation Trust, the "information governance breach" is presently being investigated and has been reported to the Information Commissioner's Office. Even though the Trust declined to reveal the victim's name, the Sunday Times reported that the breach involved Sir Alex Ferguson's medical records.
The Salford Royal Hospital staff who are presently being investigated for the breach were not directly responsible for his care and were therefore not authorised to access his medical records. The ICO is yet to issue a statement concerning the breach but its stance on the breach of confidential health information at NHS organisations is well known.
ICO's strong stance on the breach of medical records
Last week, the ICO fined Hannah Pepper, a former trainee secretary at the Fakenham Medical Practice in Norfolk, £350 and also asked her to pay costs of £643.75 and a victim surcharge of £35 after finding her guilty of reading medical records of 231 patients in two years. The list of victims included colleagues and their families, her own relatives, friends and acquaintances and also members of the public.
"People whose job allows them access to confidential and often sensitive information have been placed in a position of trust, and with that trust comes added responsibility. Data protection law exists for a reason and curiosity or boredom is no excuse for failing to respect people’s legal right to privacy. Just because you can do something, that doesn’t mean you should," said Mike Shaw, Group Manager at the ICO’s Criminal Investigation Group.
In August, the ICO also fined Emma's Diary, a firm providing pregnancy and childcare advice, £140,000 for collecting and selling personal data of more than one million people, including new mums, to The Labour Party prior to the 2017 General Election.
The firm supplied 1,065,220 personal data records to Experian Marketing Services in May last year as part of an agreement where The Labour Party was listed as the latter's client. Personal data sold by Emma's Diary to Experian included names of parents, home addresses, children's dates of birth, and presence of children up to five years old. Such data was provided to the firm by young mums at the time of online and offline registrations.
According to the ICO, personal data obtained by The Labour Party from Emma's Diary allowed the party to "send targeted direct mail to mums living in areas with marginal seats about its intention to protect Sure Start Children’s centres".