Tuesday, February 16, 2016
Here Is What Can Happen When You Allow Your Personal Information To Be Held On Government Databases.
This appeared last week:
Exclusive: Breach at Australia’s health practitioner regulator reveals flaws in handling of personal data and ‘shakes confidence’ in medical complaints system
Medical professionals are raising concerns after a series of data breaches at the Australian Health Practitioner Regulation Agency. Photograph: Andres Rodriguez/Alamy
Tuesday 9 February 2016 07.02 AEDT Last modified on Tuesday 9 February 2016 08.15 AEDT
A nurse was allegedly assaulted by an employee of Australia’s health practitioner regulator, who used his credentials to access the agency’s database and track down her home address and phone number.
The security breach is one of several Guardian Australia has uncovered at the Australian Health Practitioner Regulation Agency (Ahpra), the body responsible for protecting the public by investigating complaints against healthcare practitioners.
The investigation has uncovered serious flaws that could be placing medical practitioners at risk of further assaults, fraud and unauthorised access to their personal data. The agency is set to face scrutiny from a Senate inquiry into medical complaints handling initiated by the independent senators Nick Xenophon and John Madigan.
Xenophon told Guardian Australia the allegations were “extraordinary” and called on Ahpra to provide a full explanation.
“This calls into question the very foundation of our medical complaint system in this country,” he said. “These allegations have shaken my confidence in Ahpra. If this has happened what else is going wrong that compromises our system of medical complaints? Ahpra has a very heavy obligation to make a full and prompt response to these most serious allegations.”
The Ahpra employee allegedly accessed the nurse’s personal records in September 2015 in order to track her down over a personal matter.
Ahpra, which regulates 14 health professions, including doctors and nurses, became aware of the alleged assault and the unauthorised access of its database only when the nurse lodged a complaint with the organisation. The nurse contacted New South Wales police following her assault, and the employee was suspended by Ahpra.
In a separate incident, an Ahpra employee who was also a midwife used her access to medical records to look up details of a complaint that had been made against her in July 2014. The complainant had separately launched civil proceedings against the woman in Victoria.
The Ahpra employee then used the information as evidence in her own civil court case. It is not known whether the incident was ever disclosed to the woman who made the complaint.
The incidents are just two of a number of serious data breaches that have occurred within the organisation, but have never before been disclosed.
Lots more here:
There is nothing to be said about all this other than to suggest that everyone thinks very carefully before making personal information available for storage in any (private or public) database unless you have no choice.
A pretty bad look.
Posted by Dr David G More MB PhD at Tuesday, February 16, 2016