These reports popped up last week.
Practice kept medical records in garden shed
15th Jul 2014
A MELBOURNE medical practice that stored nearly 1000 patients’ records in a garden shed has escaped the threat of prosecution and heavy fines because of the timing of the offence.
The Pound Road Medical Centre (PRMC) kept the paper records of about 960 patients in a locked garden shed at its former site in Narre Warren South from around October 2012 until an intruder broke into the structure in November 2013.
The Australian privacy commissioner opened an investigation in December 2013, after media reports revealed that boxes of medical records had been compromised at the site.
In an announcement today, Commissioner Timothy Pilgrim noted the seriousness of the breach because of the sensitive personal information in the records, including patients’ full name, address, date of birth, Medicare number and treatment details.
The boxes also contained results of medical investigations, correspondence between medical practitioners, discharge summaries, staff pay records, batched Medicare vouchers, invoices and accounts to third parties such as WorkCover.
PRMC said the boxes were taken from a locked room at the former practice premises and placed in the shed secured by three padlocks in October 2012, 18 months after it had moved premises in April 2011, to allow renovations for the sale of the site.
However, at the time it believed that all paper-based health records at the site had been transferred to the new premises, it said.
Mr Pilgrim ruled that PRMC breached the Privacy Act by failing to take reasonable steps to secure personal information it held.
“The commissioner did not consider there to be any circumstances in which it would be reasonable to store health records, or any sensitive information, in a temporary structure such as a garden shed,” the announcement from the Office of the Australian Information Commissioner said.
As an exacerbating factor, the shed was not located at PRMC’s premises, which meant it could not monitor access.
Further, it did not deal with or identify health records left at the site for more than two years, the commissioner said.
More here:
And here on the same incident.
Practice stored medical records in garden shed
A practice that stored 960 patient records in a garden shed is in trouble with the Privacy Commission after burglars broke in and raided the private material.
Melbourne's Pound Road Medical Centre moved the files into the shed in 2012, so it could renovate its old premises in order to sell it.
But the records were still there a year later, in November 2013, when burglars broke into the shed, gaining access to the patients' names, addresses and dates of birth, along with the results of medical investigations, discharge summaries and correspondence with other practitioners.
More here:
These reports are just a reminder that paper records have disadvantages - other than physical bulk - that might cause trouble.
While it is not at all clear that any harm actually followed this breach those responsible clearly were a bit careless and were very lucky the new, very harsh, penalty regime was not operational when the offenses occurred.
All those who worry about the security of electronic records should bear this incident in mind as should also users of electronic records be clearly aware that they have obligations to care for and protect their records from intrusion.
A good reminder for all record keepers - including the Government - that there are data protection responsibilities that all have.
David.
1 comment:
And files being left unattended on the counter top in the clinic reception area, or open on the nurse's station desk, or in a filebox next to the the treating clinician's consultation room door, or the persistent and still widespread use of fax machines, or on paper, in snail mailed envelopes that never quite make their destination
Post a Comment