This report appeared last week!
Nurse banned for snooping in colleagues' medical records
She simply couldn’t wait to find out the sex of one coworker’s newborn, says the NSW Civil and Administrative Tribunal says.
28th April 2021
A nurse who snooped in hospital medical records to find out the gender of a colleague’s newborn baby and to discover why other coworkers were unwell has been banned for six months.
In total, the enrolled nurse from western NSW accessed the records of 13 people without permission 154 times between 2017-19, according to NSW Civil and Administrative Tribunal.
Among those whose privacy was breached were colleagues, a close friend and her own family members.
Eager to find out the gender of a colleague’s newborn, and if he finally had a daughter after four sons, she delved into his wife’s medical record, the tribunal heard.
“When asked whether she could have just asked [her colleague], her response was that that he was not at work and that she chose to access the records in order to find out the information,” it wrote.
Asked to explain why she accessed the records of a close friend who was unwell she claimed she was worried about her and wanted to know what treatment she was getting, the tribunal said.
But she admitted curiosity got the better of her when she poked around the records of a second work mate, whose health was deteriorating, after initially claiming she was concerned because he was a smoker which she thought could jeopardise the safety of patients.
As to why she pried into the records of seven of her own relatives, the nurse said she was simply concerned for their welfare because they had been kind to her.
Her snooping was uncovered when a third coworker became suspicious because she knew so much information about patients and coworkers.
Concerned she may know about his own medical history, he sought permission to access his records and discovered she had looked at them.
He told the tribunal the breach was distressing because he was concerned that she would talk openly about his private issues, and he had needed to consult a psychologist.
…..
More information: NSW Civil and Administrative Tribunal's finding
More here:
https://www.ausdoc.com.au/news/nurse-banned-snooping-colleagues-medical-records
This is really quite sad as it seems to nurse really did not grasp why what she was doing – for 2.5 years – was actually wrong but also carried quite severe professional consequences.
It is rather alarming that her abuse took so long to be discovered….
The lesson here is clear – health data is vulnerable to misuse and there must be significant sanctions to discourage abuse of all forms – not matter how seemingly minor!
David.
"It is rather alarming that her abuse took so long to be discovered"
ReplyDeleteThe bigger the system, the harder to detect such behaviour. The ADHA would have no idea who was or was not entitled to view a patient's data, never mind catching someone misusing the MyHR.
They would have us believe that nobody has been detected wrongly accessing the system in nearly ten years of use. I can believe they've never noticed anything untoward.
Absence of evidence isn't evidence of absence.
I am no expert in this area but if this person could wander around pecking at record unnoticed because the credentials allowed it. If the facility this role was part of is then a trusted portal to upload and look at MyHR, surely then the MyHR is wide open for snooping??
ReplyDeleteFYI, @anon 11:18am, access to MyHR is on the basis of approved institution (That was because of a failure to implement a critical and essential component of the PCeHR that was supposed to tarck individual users - NASH)
ReplyDeleteIBM took the heat but IAFAIK, they couldn't make sense of the requirements, never mind make it work). To fill the gaping chasm in the design they implemented an existing, but only partial solution from Centrelink.
Anyone who is authorised to use an institution's access to MyHR can, technically, access the system via the provider portal. AFAIK, all they need is the patient's Medicare number
It is up to the institution to police this access, there is no way the ADHA can check or control access.
But wait, there's more... if the data has been downloaded to a local system, the ADHA is not only unaware of any access but the legislation does not apply.
Not many people know this.
Thanks you Bernard. That seemed to be the cases when I scribbled it out. But based on claims around privacy and security I figured I must be being to simplistic and there was magic happening. Still if only we had paid 1billion and five dollars we might have had extra protection.
ReplyDelete