BreachExchange mailing list archives

Medicare data breaches increase privacy fears


From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Tue, 16 Mar 2010 02:17:05 -0400

http://www.theaustralian.com.au/australian-it/medicare-data-breaches-increase-privacy-fears/story-e6frgakx-1225841101367

MEDICARE Australia dealt with 234 serious data privacy breaches by
employees in 2007-08, but 160 of these resulted in only an emailed
warning or counselling.

In the three years from November 2006 until December last year, 569
staff were identified as having "unauthorised access" to client
records held by the agency.

Contrary to recent Medicare claims that most of the unauthorised
access related to staff accessing their own records, only 171 out of
the 569 investigated were in that category.

Medicare was yesterday forced to produce data breach statistics and
details of sanctions to a senate inquiry, after disputing revelations
in The Australian of staff snooping.

Under the Healthcare Identifiers Bill, to be debated by the senate
this week, Medicare will compulsorily assign unique, 16-digit patient
identity numbers to all Australians, and operate a national identifier
service to expand electronic communications right across the health
sector.

A Medicare spokesman said yesterday all potential cases of
unauthorised access were investigated. "Where inappropriate access is
identified, penalties are applied according to the seriousness of the
breach," he said. "For instance, a person who has looked at their own
record or a family member's record on the same card on one occasion
may undergo counselling. More serious incidents are dealt with more
severely, such as by termination of employment or by resignation.

"This has occurred when someone has looked at multiple records,
including those of family members, on a number of occasions without a
business need."

Medicare was committed "to upholding best privacy practice", he said.

[..]
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
