Data breaches: parents sent private details
MidCentral District Health Board is grappling with two separate data breaches after 133 parents were sent letters containing personal details of other people's children.
The Manawatu Standard revealed yesterday that Palmerston North woman Zelda McConachy was mailed other patients' mental health data after she applied to MidCentral to see her own files.
MidCentral has since launched a double investigation to determine the cause of both alleged privacy breaches.
The dental records breach came to light after a parent informed MidCentral that they had received a double-sided letter from the Child and Adolescent Oral Health service containing information about their own child on one side, and another child's details on the other.
The letters sent to parents confirm enrolment in the dental service and contain their names and addresses, children's names and national health index numbers.
All 133 letters were sent out with incorrect information, with half of the recipients receiving somebody else's details, and the other half receiving no information at all, MidCentral's director for patient safety and clinical effectiveness, Muriel Hancock said.
"We have established we certainly did make an error," she said.
"There was nothing else about their health or any other personal details [in the letters] but that is besides the point. It is wrong information."
MidCentral will merge the investigation with an inquiry into Ms McConachy's accusation that a privacy breach had spanned two decades.
Ms McConachy claimed she was mailed other mental health patients' files along with her own records.
The Standard has viewed the most recent files. Along with her own records, she was sent two pages from another patient's file with details including his name, age, address, phone number, medication type and notes on his behavioural issues.
MidCentral yesterday confirmed it made an error in that particular incident.
Health Minister Tony Ryall had been briefed on both cases.
"I have been advised of the investigation. These are serious cases and I have stressed to the DHB they should be treated with utmost importance," he said.
MidCentral staff would be meeting with all affected parties in Ms McConachy's case, while letters of apology would be sent to the parents who received incorrect letters.
Ms McConachy yesterday met with a staff member who found a second patient's files in her possession.
Further investigation was required to substantiate her claims that she has received other patients' files mixed up with her own since 1991.
"They just said they've got no records of it," she said.
"I was never told to press an official complaint, I was just told to destroy them."
MidCentral had not yet been able to establish any record of the phone calls in which Ms McConachy says she complained. However, this did not mean the breach had not occurred, Ms Hancock said.
Labour's Associate Health spokesman Palmerston North MP Iain Lees-Galloway said any release of confidential data was unacceptable.
"People have a right to know details about their health will remain private and that sort of incident is extremely serious."
These incidents have come to light as the Privacy Commissioner's Annual Report, released this week, labelled 2012 "The Year of the Data Breach".
It says this year has been marked by "major public sector data breaches", including the release by ACC of information on thousands of people, and IT security lapses at the Social Development Ministry.
- The Manawatu Standard
Does more need to be done to protect NZ passports?