It seemed to be “just another” case where a district health board made a mailing error and sent a patient’s records to the wrong party. But the response of the privacy commissioner disturbed me somewhat.
The West Coast District Health Board has apologised after it posted two pages of a woman’s private medical records to the wrong person.
The papers were mistakenly sent to Ashburton woman Jen Branje, who was living in Westport when she had surgery at Grey Base Hospital last year.
She lodged an ACC claim, and asked the hospital to post her records to back up her complaint.
They arrived in the mail, but were accompanied by two additional pages belonging to a different Westport woman with a completely different name and NHI patient number.
“I could understand it if they hit the wrong computer button,” she told the Greymouth Star today. However, the information she received was in paper copy.
Ms Branje started trying to contact the other woman, and also phoned the Privacy Commissioner, who told her the files should be immediately returned to the hospital, their contents must not be disclosed and she must not contact the other woman.
She was told it was up to Greymouth Hospital, not her, to disclose the breach.
“Must not contact?” If the privacy commissioner ordered or tried to forbid someone from calling anyone about a breach, doesn’t that exceed some authority somewhere? Yes, the hospital or district health board needs to contact the patient about the matter, but telling the recipient that she must not contact the patient strikes me as… wrong. Unless there is some law in New Zealand that I don’t know about that prohibits such contact?
Read more on New Zealand Herald.