24 March 2012

ACC's records storage 'primitive'

An article from the Dominion Post by Phil Kitchin
ACC's computer storage of its clients' confidential medical records is "so primitive" the records can be viewed by virtually every employee from a mailroom assistant up. As one way of protecting privacy, the corporation relies on reminding its staff that they should not look at files on its EOS claims management system that they are not supposed to view.
The lack of restrictions to medical records on the system was criticised yesterday by Dunedin ACC client Bruce Van Essen as "out of the ark". Mr Van Essen said ACC told him his files had been accessed 2800 times since 2006, "which surely cannot be related to everyday claims management".
ACC has previously had to pay Mr Van Essen $12,000 for one breach of privacy and has admitted to several other breaches.
The corporation is under fire for sloppy privacy practices after The Dominion Post revealed last week that it sent whistleblower Bronwyn Pullar 6500 clients' private details, including the names of sexual abuse and violent crime victims. The revelation prompted an inquiry into ACC's privacy practices by the privacy commissioner and has also prompted a flood of complaints from ACC clients that their privacy had been repeatedly breached.
Ms Pullar said she had repeatedly outlined longstanding concerns to ACC about its "primitive" security for confidential medical files in EOS after learning that her file was accessed nearly 2000 times in 3 1/2 years. She was horrified that 137 ACC employees "right down to a mailroom assistant" had looked at her file. "Any one of those people could have looked at my strictly personal, private medical in-confidence health information," she told ACC.
"No-one can rock up to your GP's office and look at your medical records. Why should they be able to do this at ACC?" Ms Pullar said yesterday.
"ACC rely on the hope that ACC employees don't snoop and then they conduct annual audits once the snooping has already occurred.
"All claimants' medical records should be kept secure and only those with the appropriate authority and security clearance should be able to view them."
The confidential medical records were being regarded as general documents on the EOS system instead of being restricted, she said.
Mr Van Essen could not understand why "low level parties who have absolutely no medical qualifications have access to my sensitive and confidential medical records".
An ACC spokeswoman said ACC did regular checks to ensure "adherence to protocol" and all data on EOS was considered in confidence. Clients in the sensitive claims unit – such as victims of sexual abuse and violent crimes – had their files stored on EOS but access to those files was restricted.
Ms Pullar and Mr Van Essen said if that were the case then all ACC clients should have restrictions placed on just who could view their medical details.

Document's Explosive Allegations
The document tabled at a crucial December meeting between senior ACC managers and whistleblower Bronwyn Pullar makes explosive allegations that the corporation repeatedly broke laws. The 45-point document – posted online at dompost.co.nz – accuses ACC of breaking a wide range of laws in its dealings with Ms Pullar since she suffered a life-changing brain injury in 2002. It alleges ACC staff made false written and oral statements to unlawfully obtain medical reports for its advantage, collected personal information without her knowledge, and made clinical decisions and assessments without medical competency or qualifications.
Ms Pullar gave the document to ACC senior managers Philip Murch and Hans Verberne at the meeting and asked that its contents be raised with chief executive Ralph Stewart and the ACC board. The document said that ACC deliberately interfered in supposedly independent medical assessments, and covertly and inappropriately communicated with assessors to bias the outcome against claimants. It said ACC exceeded its powers by investigating injuries for which no claim had been lodged.
The document said ACC had breached privacy laws, ACC's own legislation and code of conduct, medical council professional standards, the Crimes Act and the State Services code of conduct.
ACC said it could not comment on privacy issues till the completion of a Privacy Commission inquiry, announced yesterday, into the recent mass data breach and whether or not ACC had systemic privacy problems.

© Fairfax NZ News

http://www.stuff.co.nz/national/politics/6630091/ACCs-records-storage-primitive
