Hospital Staff Fired Over Ed Sheeran Data Offence
“Not another one…”
Over the past few months, most of you will probably have had this thought after opening your inbox to find it full of emails asking you to opt in under the GDPR, and most of you, like me, will have clicked the delete button – but a recent case reveals just how important it is to know where you stand with the new legislation.
Two staff members at Ipswich Hospital have been disciplined and dismissed after they allegedly accessed Ed Sheeran’s confidential medical records. Despite both employees having authorisation to look at these records, the disciplinary hearing found they had done so without “legitimate or clinical reason”.
The incident took place in October last year, after the singer was admitted to the hospital with a broken wrist following a bike accident.
The Kent and Medway NHS and Social Care Partnership Trust confirmed that “the records were reviewed out of curiosity rather than with any malice or intent to commit further activity, however this is a very serious incident” and required a look into the hospital’s policies and procedures when it came to maintaining confidentiality, especially in cases of high-profile patients.
Clearly, this is a fairly unique circumstance, but it certainly raises a wider point that it’s not just who can access your data that the GDPR is trying to regulate, but why they can access it – and with fines of up to €20 million, it’s not as easy to ignore as those unopened opt-in emails in my inbox.
The case shows that even hospitals, which handle some of the most sensitive information available on an individual, can get it wrong when it comes to new legislation – because it’s not just about audits or finding a Data Controller… employees need to understand how the way they work is impacted too. Simple mistakes like this one, even when they aren’t intended, can have wider consequences for employees and businesses alike.
If you need any help with staying GDPR compliant, call Amica HR Ltd on 01522 370190 or email email@example.com