​ABC uncovers over 1,000 confidential NSW medical records

It has been reported the medical records were found at the derelict former NSW aged care facility.
Written by Asha Barbaschow, Contributor

The confidential medical information of more than 400 patients has been found in an abandoned aged care facility that was operated by the New South Wales government, the ABC has reported.

The facility was once the Garrawarra Centre for Aged Care in Helensburgh, 45km south of Sydney, which according to the ABC is operating a 120-bed dementia-specific facility nearby.

It is believed the documents, containing pain and incontinence charts, social worker reports, doctors' referrals, hospital admission forms, a photo album, and an internal memo regarding a complaint from a daughter who was not notified when her father died, were left on the floor of the derelict building.

According to the ABC, the documents, dated from 1992 through 2002, contain "intimate" information such as patients' personal profiles, medical conditions, behaviours, accidents, treatments, and medical history.

Citing a statement from NSW Health that allegedly claims the site has been illegally trespassed, the ABC said the state has opened an "urgent" investigation into the centre's "document management and security systems".

"If it is found that any file notes have been inappropriately stored, the centre will be contacting individuals, or their families to apologise," a NSW Health spokesperson is quoted as saying.

The investigation comes as the federal government is dealing with security and privacy concerns over its contentious My Health Record.

The opt-out window for the My Health Record online medical file has gone less than smoothly, with the federal government going into damage control over the past few weeks to assure Australians their medical information is safe.

On Tuesday night, despite saying for weeks that policy will trump the legislation backing My Health Record, Health Minister Greg Hunt announced the legislation will be brought into line with the policy of the Australian Digital Health Agency (ADHA) -- the agency charged with overseeing the My Health Record and ensuring citizen information is secure.

Hunt said the changes will remove any doubt, and strengthen privacy provisions.

Earlier this week the Office of the Australian Information Commissioner (OAIC) released its first full quarterly update since the Notifiable Data Breach scheme (NDB) came into effect in February, highlighting once again that health is the most breached sector.

For the period April to June, OAIC received 242 notifications, an increase of more than 380 percent compared to the previous period's 63 notifications. One breach impacted over 1 million Australians, the office said, with 52 affecting between 100 and 1,000 people; 55 between 11 and 100 individuals; 42 hitting from two to 10 people; and 51 events affecting a single person.

Nearly half of all notified breaches involved financial details, and almost all involved contact information such as home address, phone number, or email address.

In May, Family Planning NSW had to tell customers their personal information may have been compromised after the not-for-profit fell victim to a ransomware attack.

The organisation provides advice on contraception, pregnancy, and sexual health, and it is believed the databases breached contained information on around 8,000 clients who had contacted Family Planning NSW to make an appointment or leave feedback through its website.

It was confirmed to clients via email that the not-for-profit that provides vital assistance to the state suffered the breach on Anzac Day -- April 25, 2018.


Private health providers called out in quarterly Australian data breach report

OAIC finds private health service providers and finance are the two most-breached sectors from April to end of June.

My Health Record opt-out period from July 16 to October 15, 2018

The window for Australians to opt out of an electronic health record has been announced by the government.

Very little is stopping My Health Record being hooked up to robo-debt

Intent and potentially a lack of will are all that are preventing a meeting of robo-debt and health data, because the legislation is not.

Privacy Foundation: Trusting government with open data a 'recipe for pain'

The Australian Privacy Foundation wants the government to develop security controls around sharing open data and provide the agency charged with investigating data misuse with 'adequate' resources.

Australia's open data approach lands in a security and privacy minefield (TechRepublic)

Australia is charging headlong into a privacy disaster as government open data initiatives come online without considering how to properly implement privacy safeguards and data anonymity.

Editorial standards