has been fined £40,000 by the Information Commissioner.
Regal Chambers, in Hitchin, Hertfordshire, gave out the information despite express warnings from the woman that staff should take particular care to protect her details.
The information was provided after the ex-partner made a request for the medical records of the former couple’s son. Staff at the GP practice responded with 62 pages of information that included the woman’s contact details as well as those of her parents and an older child the man was not related to.
An ICO investigation found that the GP practice had insufficient systems in place to guard against the unauthorised release of personal data to people who were not entitled to see it. This was a breach of the Data Protection Act.
Steve Eckersley, the ICO’s Head of Enforcement, said: “Most people would be horrified to think the information they entrust to their GP was being treated with anything less than the utmost care. In this case a patient reinforced this, however her pleas went unheeded. There is no doubt that releasing this information would have caused great distress to the woman, her children and the rest of her family.”
The ICO’s investigation found that staff did not receive adequate guidance or supervision about what could be disclosed or should be withheld. Mr Eckersley said: “It was unfair to expect this person [member of staff] to deal with the potentially devastating fall-out created by sharing personal data wrongly. GPs could have protected staff by providing proper support, training and guidance. They did not do this.”
The ICO issued a fine of £40,000, for which the practice’s partners are individually liable.