Woman got data on other patients

23:00, Nov 28 2012

A Palmerston North woman is accusing MidCentral District Health Board staff of a privacy breach, after she was mailed another mental health client's file along with her own records.

The health board is investigating Zelda McConachy's claims that she has repeatedly received other mental health services clients' confidential files mixed up with her own records during the past two decades.

MidCentral's director for patient safety and clinical effectiveness, Muriel Hancock, confirmed the department responsible for the alleged breach was investigating the claim.

The Manawatu Standard has viewed the most recent file sent by MidCentral to Ms McConachy.

Along with her own records, she was sent two pages from another patient's file with details including his name, age, address, phone number, medication type and notes on his behavioural issues.

"I will be looking through all my files and next thing I come across somebody else's name," Ms McConachy said.


"This happens every time I request my records. I have got somebody else's each time and when it happens they just tell me to destroy them, but I get worried about who has my files."

The most recent incident appeared to be a serious data breach, Ms Hancock said.

"It appears that the claim is correct."

The health board would further investigate Ms McConachy's claims that the breaches had occurred since 1990, when she first began requesting her mental health records.

"At this stage it appears we do not have any complaints of this breach recorded, but we are working with staff at an individual level to see if there were complaints raised previously," Ms Hancock said.

"From our perspective, whether it is minor or not, it is information that has gone to someone else and that is our real concern. If this is substantiated we need to manage it.

"It is a very serious issue; whether it is two sentences of information, or it is a box of information."

MidCentral planned to meet with those affected.

"We really do want the opportunity to talk to these patients and make our responses appropriate to reassure the community that if we have made an error here then these are the processes to make sure it won't happen again," Ms Hancock said.

This latest incident has come to light as the Privacy Commissioner's Annual Report, released yesterday, labelled 2012 "The Year of the Data Breach".

The report says this year has been marked by "major public sector data breaches", including the inadvertent release by ACC of the private information of thousands of people to claimant Bronwyn Pullar, and IT security lapses at the Social Development Ministry in which thousands of personal files could be accessed at self-service kiosks.

"These losses of data have highlighted the urgent need for far better security and respect by government agencies for New Zealanders' personal information," said Privacy Commissioner Marie Shroff.

Overall, 1142 complaints were received nationwide - an increase on the 968 complaints received in the 2010-11 year.

The Manawatu Standard