DataBreaches.Net

Did Auckland District Health Board overreact to privacy breach?

Posted on June 14, 2013 by Dissent

In the U.S., we expect entities to take strong and effective action to address employee snooping or improper sharing of patient confidential information. But a professional group in New Zealand is not happy with the Auckland District Health Board’s response to a breach previously reported on this blog involving a patient who sought emergency treatment for an eel up his tuchus. His records were shared among staff and somehow made their way to the media, leading to the ADHB disciplining over 30 employees at Auckland City Hospital.

Ruth Larsen reports that the ADHB’s circulation of the privacy agreement has drawn some strong criticism from the executive director of the Association of Salaried Medical Specialists:

Particularly objectionable is a clause stating passwords and logins must never be shared, and staff are accountable for all transactions in Auckland DHB information systems under their login/password, he says.

There are often good reasons for other staff members to share patient files, Mr Powell says.

Wait, what? There are good reasons to share patient files, but if you let a colleague access a file under your login and you walk away, do you know what else they’re accessing? How many times have we seen this here – where shared logins or failure to log out led to theft of patient information? The ADHB is correct, in my opinion, to reinforce the importance of not sharing passwords and login credentials.

Under the agreement, staff are also expected to ensure anti-virus software is installed and up-to-date on the computer they are using.

Well, okay, there I might agree with any pushback. That shouldn’t be on employees unless it’s a BYOD, and should rest with the hospital’s IT department.

Sending out the agreement shows a top-down mentality within the DHB, he says.

However, ADHB chief executive Ailsa Claire says in a media statement the privacy agreement is one all staff sign when they begin employment at the DHB.

It is exactly the same document that has been in use since 2008, Ms Claire says. (emphasis added by me)

“We are reissuing it to raise awareness of privacy and the absolute commitment ADHB has to ensuring patients’ records are not inappropriately accessed.”

Ms Claire acknowledges there are “issues” with the form and has given a commitment to work with staff to remedy them.

ASMS members have been advised not to sign the agreement and the association has requested the DHB replace it with a reminder to staff of their obligations regarding privacy.

Note that this was posted on nzDoctor.co.nz. Because they do not include a copy of the agreement, it’s impossible to know exactly what the wording is and what changes might be reasonable to make, but no, it is not enough to just remind staff of their obligations to protect privacy and confidentiality. Employees need to sign agreements, they need to know they are being watched and that their access is being logged and audited, and they need to know that there are consequences for failure to adhere to the privacy policies. The protections are there for the patients, and if staff finds them inconvenient or that they interfere with patient care, start a serious discussion, but it is not effective to just send a reminder as the association is requesting. We have too many breach reports proving otherwise.
