This appeared last week:
Practice fined $16,000 after sending HIV diagnosis to wrong email address
Couple originally wanted $250,000 for the alleged distress caused
6th July 2020
A GP practice which sent an email revealing a patient and his husband had HIV to the wrong address has been ordered to pay $16,400 in damages.
The couple had taken part in a global study on HIV transmission and the Victorian practice, which specialises in sexual health, was emailing a consent form to take part in a follow-up study.
The form should have been sent to the email addresses of the patient and his husband.
The husband’s email address used his first name, the initial of his middle name, followed by his last name.
But the practice omitted the middle initial, sending the email to an unidentified, unrelated Gmail account.
The patient alerted the practice to the privacy breach on 22 December 2017, but the practice did not respond for over a month.
Although it was unclear who owned the email address or whether the email had even been opened, the couple reported the practice to the Australian Information Commissioner and Privacy Commissioner.
They originally claimed $250,000 in damages for psychological harm, which had been allegedly aggravated by the clinic’s “lack of communication [and] failure to appreciate the gravity of the privacy breach in its response, and its failure to take steps to remedy the breach”.
A psychologist diagnosed the patient with an adjustment disorder with anxiety and depression and said the patient had contemplated suicide.
The “extreme level” of distress had affected the patient’s cognitive functioning, ability to concentrate, his short-term memory and overall trust in the medical profession, the psychologist said.
More here:
https://www.ausdoc.com.au/news/practice-fined-16000-after-sending-hiv-diagnosis-wrong-email-address
You can read a blow-by-blow account from the Privacy Commissioner here:
http://www.austlii.edu.au/cgi-bin/viewdoc/au/cases/cth/AICmr/2020/21.html
The story only goes to reinforce the need for great care in sending e-mails with extremely sensitive contents, and also the need to ask whether there are better ways to send the information securely.
Fortunately the damages were only of the order of $16,000 and not the huge sum initially requested!
David.
5 comments:
A simple human error. Could happen I guess using any information exchange method that involves point to point. Get the destination wrong. Wonder if we will have an eradication of the email campaign to rival that other pointless crusade the ‘digital’ folks love so much.
"A simple human error. Could happen I guess using any information exchange method that involves point to point."
Is the technology of Digital Health making this problem better or worse?
Coronavirus was something Jess had … then didn't, following a Victorian testing bungle
https://www.abc.net.au/news/2020-07-18/coronavirus-melbourne-test-mistake-jess-dhhs/12468792
Were the results sent to her MyHR? If so, have they been removed? Who is responsible for removing incorrect test results?
Is the technology of Digital Health making this sort of thing better or worse?
First would be to clearly outline what aspects of digital are being employed for what means. Then how does that, what you point out, fit into that world. Health and digital are broad terms.
PKI adds a degree of safety, which is why secure messaging with privacy and authentication is desirable. However you can still send it securely to the wrong person, but at least not a random person, but a health care provider, which lessens the risk considerably as there is a degree of trust that they will do the right thing with the information, even if it was not intended to go to them. I know I have hit enter on a name and realized the error, but the message has already been routed to the wrong person before it can be edited.