Theft prompts plea to keep health records safe

21:59, Sep 03 2013

The theft of unencrypted patient information from the Southern primary health organisation's Invercargill office last month highlights the need for health providers to ensure the safety of patient information.

That's the message from Privacy Commissioner Marie Shroff, asked to respond to news the personal details of hundreds of Southland schoolgirls were included in a backup computer hard-drive stolen from the PHO's offices on August 16.

"A spate of these kinds of incidents suggests that health providers should be looking to assess the safety of their patient information and take steps to safeguard it," Ms Shroff says.

In a recent case in Christchurch, patient information was stolen from an ACC case manager who took home some of her work notes, which were stolen when her home was burgled.

"PHOs should be able to say, hand on heart to their customers, that they have taken adequate steps to protect information and perhaps look at additional safeguards like encryption as one of the options to be considered," Ms Shroff said.

The stolen computer hard-drive contained names and addresses and the vaccination dates of girls participating in the human papillomavirus (HPV) immunisation programme during the past couple of years.


The Southern PHO runs the programme in Southland through about 34 schools and the information included in the backup hard-drive was not encrypted or password-protected.

PHO chief executive Ian Macara said while all patient information held by the PHO was safeguarded, this particular backup hard-drive was not.

"We have learnt a hard lesson and we have apologised to the parties involved."

Letters had been sent to the parents or guardians of all the girls and a special telephone "hotline" had been set up.

There had been little feedback from the girls or their families, with only seven calls to the "hotline" by 8am yesterday and no messages to a special email address that had also been set up.

The PHO contacted the privacy commissioner's office immediately following the incident and had been working through an action plan.

Ms Shroff said the PHO appeared to be following the data breach best practice process.

Mr Macara said thieves broke through two locked doors and a locked cabinet to steal the computer.

They targeted petty cash and other electronic gear.

The irony was that the PHO was just finalising arrangements to have a security alarm installed, he said.

Invercargill police are continuing investigations. - New Zealand Doctor

The Southland Times