Anna Caldwell reports:
The private details of Queensland Health patients are at risk of being lost or stolen and there are inadequate plans to deal with a major security breach.
But the troubled department is racing to implement computerised medical records.
The Auditor-General’s report into information systems governance and control has identified gaps in protocol in Queensland Health and seven other government agencies.
[…]
At Queensland Health, the report labelled the control environment for patient information storage and technology infrastructure “satisfactory”, but found security gaps and a failure to prepare for how the system would respond in a disaster.
One damning finding was that there were limited efforts to review just who had access to medical records, and even physical storage facilities.
At one unnamed hospital, 460 access cards were available to get into the primary medical records area, despite only 140 hospital management staff existing.
Read more in the Courier Mail.