Two client privacy breaches at the Midcentral District Health Board have sparked an internal audit to investigate how staff mishandling of paperwork led to clients receiving other people's confidential files.
An internal privacy campaign is under way at the health board after staff misfiling paperwork and failing to double-check outgoing files were found to be at fault in cases where confidential information was sent to the wrong clients in two separate cases revealed by the Manawatu Standard last year.
The issue came to light after a Palmerston North woman was mailed other patients' mental health records by the health board. Last November whistleblower Zelda McConachy complained she had been receiving pages of confidential details about mental health patients - including their names, contact details and descriptions of medication and behaviour - found among her own records.
She had been requesting copies of her own records annually under the Official Information Act for the past 20 years, and claimed she had frequently complained to MidCentral about receiving other people's records during that time.
The incident was the first of two data breaches for which MidCentral claimed responsibility within a short period last year.
Shortly after Ms McConachy's claims were made public, the health board voluntarily revealed it had also mailed the details of 133 clients' children confirming their enrolment in an adolescent oral health service, to other parents.
A recommendation has been made for 100 clinical records to be audited to ensure confidential paperwork is being dealt with correctly.
Director for patient safety and clinical effectiveness Muriel Hancock said the health board was overhauling paperwork handling practises to ensure it would not happen again.
"We have made improvements to our processes and systems, that is what it is about, that is why we report these incidents and take whatever opportunities we possibly can to improve."
Ms McConachy's claim that she frequently received other people's mental health records during the past 20 years was not able to be verified by the health board's investigation, but that did not disprove it, Ms Hancock said.
"She could still be right, I'm not arguing whether she did or didn't [receive the files]. We have not been able to ascertain [that] in our own inquiries and she was not able to provide any evidence of that."
Ms McConachy said she had been told by MidCentral staff to destroy the files when she first began making complaints.
The first report on the incidents, released yesterday, says staff acted quickly to remedy the breaches of privacy and handling of the issue was "positive and immediate".
However, Ms McConachy is sceptical that things will improve.
"Put it this way, I've heard all of this before and it happens again a few months later," she said. "They may be a bit more careful now."
A critique of the system that led to both incidents is still under way and will lead to changes in the way information going out is treated.
Issues with printing facilities appeared responsible for information being printed among Ms McConachy's notes that was intended for other patients. A fax printed other clients' records the same time as the 748 pages Ms McConachy requested. When the notes were assembled they were not checked, the investigation found, causing other patients' records to be clipped to her own and sent to her.
A printer that reverted to its double-sided default setting was responsible for the letters being sent to the wrong people, and those documents were also not checked.
The outcome of the full audit will be presented at the health board's meeting next month.
- Manawatu Standard
Does more need to be done to protect NZ passports?