May 17, 2023
On Thursday 11 May 2023 Ambulance Victoria (AV) was made aware that documents containing personal information of some current and prospective employees was accessible to other AV employees on the AV intranet.
The documents contained the alcohol and other drug testing results of approximately 600 job applicants undertaken between May 2017 and October 2018. The documents included first name, last name, date of test, results (negative or non-negative, which meant further testing was required) and, where applicable, the class of drug detected and whether AV standards were met or further lab results required.
AV is committed to protecting the privacy of our people and our patients and we are extremely concerned that this personal and health information had been inadvertently accessible on the AV intranet. We recognise the distress this may cause all affected individuals and the public and we unreservedly apologise.
For our patients, we want to reassure you that information you provide us during treatment is safe and protected, and not involved.
All AV employees were notified on 11 May 2023, and AV has contacted current employees directly impacted. As the data included information for prospective employees, we are in the process of contacting anyone who is not a current AV employee. All affected people will be provided with wellbeing and support services, as required.
Our investigation shows the documents have been accessed only a handful of times in the past six months. The documents were not directly accessible to anyone outside the organisation and there is no evidence of them being shared outside AV.
AV immediately removed access to these documents and commenced an investigation including an access audit. Our investigation continues but the documents appear to have been made accessible by error.
AV self-reported this matter to both the Office of the Victorian Information Commissioner and the Health Complaints Commissioner and we have undertaken to keep them appraised of developments as they arise.
We can confirm that such information is currently handled in accordance with our obligations under the Health Records Act 2001 (Vic) and the Privacy and Data Protection Act 2014 (Vic) and we have taken steps to ensure it does not happen again.
If you believe you have been impacted, please contact [email protected].
Source: Ambulance Victoria