An SA Health worker has been sacked for accessing patient health records without authorisation, bringing the total to 13 since February, as the state government continues its crack down on the unethical conduct.
SA Health has released new figures as part of a privacy breach update that confirmed another employee received a final warning for snooping on medical records.
According to the Adelaide Advertiser, 26 employees have been disciplined in 2018.
Earlier this year 21 staff were caught spying on confidential patient information, including 13 who accessed the records of alleged murderer Cy Walsh following the death of his father Phil Walsh, who was the celebrated coach of the Adelaide Crows AFL team.
At least nine patients were reported to have had their medical records inappropriately accessed by health staff, with SA Health vowing in February to report quarterly on the questionable practice.
The news has come at a time of heightened awareness about data privacy in Australia as the Federal Government’s My Health Record opt out debate continues.
[Read more: UK hospital staff member sacked for accessing Ed Sheeran’s medical records | NSW Health Minister apologises as hundreds of abandoned medical files are discovered in derelict former aged care facility]
It also follows SA Health’s confirmation of a privacy breach that saw the pathology results of thousands of children exposed online for 13 years.
According to a statement by SA Health, the children’s test results were uploaded to the website of the Women’s and Children’s Hospital in 2005 embedded in an academic presentation on childhood infections.
The data contained the names, dates of birth and results of about 7200 pathology tests taken between 1996 and 2005.
The presentation was removed from the WCH website in 2016 but had been uploaded with the embedded information to external document sharing websites dokumen.tips and docslide.com.br.
[Read more: Greg Hunt announces legislative changes to tighten privacy and security protections for My Health Record | “Yet another wake-up call”: Privacy Commissioner releases new data breach report, with health sector top of the list]
Executive Director of Corporate Services for the WCH Phil Robinson apologised to those affected and said SA Health took urgent action to have the information removed once it was alerted to the error last week.
“Because the author did not remove the source data in the presentation it was able to be accessed online,” Robinson said.
“The test results related to patients who were treated at the WCH for respiratory infection, gastro or whooping cough, all of which are childhood infections.
“Our IT security team advise that the risk of anyone discovering the embedded information within the presentation is extremely low.
“Once we were alerted to the error late Wednesday afternoon, we identified the nature of the information and contacted the website administrators who removed the presentation containing the data by Thursday afternoon.”
The data was stored in a cache that was cleared late Friday.
“We have no evidence to suggest that any of the information has been used inappropriately,” Robinson said.
“I would like to apologise to those affected by this data error.”
Anyone with concerns can contact the WCH information line on 08 8155 5654.
To share tips, news or announcements, contact the HITNA editor on firstname.lastname@example.org