Patient in NZ hospital breaches privacy of other patients
October 1, 2014 |
Health care facilities, especially hospitals, hold sensitive information (as defined in the Privacy Act). They are also quite prone to data breaches. There are a number of reasons for this, poor systems, reasonably regular turnover of staff, a large number of individuals concentrated in a small space often in quite busy (if not chaotic) environment and often a culture which is not given to more modern strictures on data handling. In Hospital patient takes peek at info of others Stuff NZ reports on a patient in Hutt’s emergency department using an unattended computer to view records relating to other patients. In the Australian context there would be immediate problems for the health facility. Such as why access to records was was not password protected, why didn’t the computer have a screen saver which was password protected, why a computer was so easily accessible to a patient. And other questions depending on the facts. The intruder will be the immediate focus but it is a good example why some basic controls, technological and policy should be in place and enforced to ensure that when someone does something incredibly stupid as this he or she is thwarted.
The article provides:
A breach of privacy by a patient in Hutt Hospital’s emergency department has been referred to police.
Hutt Valley District Health Board chief executive Graham Dyer has confirmed that on September 8 a patient was able to view information about other patients on an unattended computer.
“As soon as this issue was discovered, the four computer workstations in emergency department assessment rooms were disconnected to prevent further incidents,” Dyer said.
All other computers in the emergency department are located in staff-only areas.
“We’re extremely disappointed that a patient who has come to our organisation seeking help for a medical condition has chosen to abuse the privacy of others.”
As well as contacting police, the DHB discussed the incident with the privacy commissioner. “We take the privacy of our patients’ information very seriously,” Dyer said.
All patients whose information might have been viewed had been contacted and a “full apology” offered
[…] Patient in NZ hospital breaches privacy of other patients […]