MyGov health records breached in site flaw

The private eHealth records of numerous patients have been breached by healthcare providers and other myGov account users.

Two data breach notifications were received by the Australian Information Commissioner last financial year in regards to the government-administrated online health system.

The first allowed healthcare providers to view the personal health notes of consumers following a flawed technical change to the eHealth system, according to the commissioner's annual report.

The eHealth system operator identified the cause in December, and a fix was put in place to prevent further access.

The second data breach, which occurred in May, came about while consumers were linking their personal eHealth records to the myGov website — a one-stop shop for all online government services.

In some cases, the previous computer user had not logged out of their myGov account.

This meant that when the second user's eHealth account was linked to myGov, the first user gained access to both sets of eHealth records.

The Information Commissioner said the cause of the breach was not related to myGov, and strategies have been implemented by eHealth's system operator to prevent it from occurring again.

After reviewing both breaches, the Information Commissioner determined that the responses were appropriate, and no further action was required.

The Information Commissioner's annual report also revealed that more than 4,000 privacy complaints were lodged with the Office of the Australian Information Commissioner during the financial year ending June 2014.

The Australia Information Commissioner professor John McMillan said that the increase in privacy complaints was largely due to the changes made to the Privacy Act in March.