GP surgery manager pleads guilty to illegally accessing patient data

Snooped on confidential health information of women in their 20s and 30s

A former manager of a GP surgery has pleaded guilty to charges of unlawfully obtaining personal data using the doctors' patient records program.

The Information Commissioner's Office (ICO) found that Steven Tennison, 37, had accessed the medical records of about 1,940 patients registered at College Practice GP surgery in Maidstone, breaching the Data Protection Act (DPA).

Many of the records viewed by Tennison, who oversaw the finances of the surgery, related to women in their 20s and 30s. The records of one woman - believed to be a schoolfriend of Tennison - and her son were accessed repeatedly.

The offences were uncovered in October 2010 when the practice manager at the surgery reviewed Tennison's attendance file, which included looking at his use of the patient records program.

The manager found that Tennison had accessed records 2,023 times between 6 August 2009 and 6 October 2010. During this time, the GP practice said that Tennison was only authorised to access the records on three occasions when the practice manager was on leave and he was responsible for investigating a complaint.

Stephen Eckersley, ICO head of enforcement, said: "We may never know why Steven Tennison decided to break the law by snooping on hundreds of patients' medical records. What we do know is that he'd received data training and knew he was breaking the law, but continued to access highly sensitive information over a 14-month period."

Tennison was fined £996 at Maidstone Magistrates Court and ordered to pay a £99 victim surcharge and £250 prosecution costs.

Join the CSO newsletter!

Error: Please check your email address.

Tags icosecurityInformation Commissioner's Office

More about ICO

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Anh Nguyen

Latest Videos

More videos

Blog Posts