Wednesday, July 20, 2016

A Reminder Of The Need To Properly Protect Electronic Medical Records From Un-Authorised Access.

This appeared last week.

GP suspended after accessing wife's medical records

11 July 2016
A DOCTOR accused of domestic violence by his wife has been suspended after trawling through her medical records without her consent.
The wife of Dr Tahir Shah claimed their marriage was increasingly volatile and eventually led to a death threat against her.
She complained in June 2012 that he was looking through her medical records without permission.
In a sworn affidavit she said he replied to the effect: “Why not? You are mine, everything of yours is mine … I am your husband … I can check anything I want”.
He was then alleged to have described the Privacy Act as “westernised … rubbish”.
She said she left their apartment in Nambour, Queensland, on 12 August, after making a complaint to local police. She stayed with a friend to escape her husband's alleged harassment.
She claimed that Dr Shah did not attempt to contact her until he received a letter from the Department of Immigration telling him that his visa has been suspended because of their separation.
The Medical Board of Australia alleged that, some two weeks later, Dr Shah emailed an oncologist who was treating his estranged wife's cancer.
The board said he was "trying to find out information about or involve himself in her treatment regimen".
On that same day — 25 September — Dr Shah unexpectedly turned up with flowers to a chemotherapy session his wife was undergoing at the Royal Brisbane and Women’s Hospital.
His wife, who has since died, was so distressed that a social worker was called in by nursing staff.
Dr Shah accessed her online medical records on 26 September and then again on 27 September.
  • Read the Queensland Civil and Administrative Tribunal decision here.
More here:
What is interesting in reading the findings if the Tribunal is that there is no comment as to just how the doctor accessed the records and just why he was able to without explicit authorisation.
Overall, given we can assume the Dr was not on the staff of the Cancer Centre, it is hard to know just what was going on that he could access the records.
That said, in my view it is vital the holders of electronic records ensure they are properly secured. I actually wonder just why the Tribunal did not query how access was obtained. The bottom line is that he should not have been able to!

No comments: