NT Health throws breach notification obligations out the window; says patients should call them to find out if they were affected?!
According to Northern Territory Health’s website, the Australian government agency manages the Northern Territory public health system, operating across five service delivery regions, six hospitals, 74 health clinics, and seven corporate offices.
“As NT Health, we work together as one system in partnership with individuals, families, the community, Aboriginal heath organisations and stakeholders to provide high quality, evidence-based, patient-centred care,” they write.
Perhaps they should add, “But don’t expect us to be accountable or take responsibility for violating your privacy.”
Jack Hislop reports that when NT Health transferred 50,000 patient records between two government departments in 2018 and 2019, more than 3,000 records were sent, by plan, to global software vendor Intersystems. Intersystems has offices in 27 countries, including in Europe, South America and China, and a subsequent audit failed to identify where all the records sent to Intersystems were or how far they had spread. Some of them were sensitive.
If this was a baseball game, Strike 1 might be sending health records to a software vendor without a plan, protection for sensitive information, and monitoring. Strike 2 might be the fact that the health minister at the time never disclosed the breach.
Strike 3 would be NT Health’s response to ABC about whether they would be contacting patients to inform them of the breach. It doesn’t appear that they have any intention of doing that.
In a statement to the ABC, NT Health said if people were concerned, they should contact the department’s information and privacy unit.
Read more at ABC (AU).
Update: Hislop’s reporting got a response. Read NT information commissioner seeks to distance himself from privacy breach of public health files