Major privacy breach at DHB

The Bay of Plenty District Health Board has sacked a "trusted" staff member for breaching the privacy of nearly 50 patients.

The staff member was sacked after the board launched a four-month investigation following allegations the staff member had access to clinical records and "used them for her own purposes".

The Bay of Plenty Times understands the staff member was accessing private files and then discussing patient details in casual conversation with other staff.

During the investigation the staff member remained employed at the health board, working at the same desk and computer she used to access the patients' files.

The district health board confirmed 48 patients were contacted and advised their privacy might have been breached. The breaches occurred over a four-year period.

District health board general manager governance and quality/privacy officer Gail Bingham said the staff member committed "serious misconduct", resulting in termination of their employment.

Ms Bingham would not comment on the staff member's name or the department they worked in.

"Unfortunately a trusted employee with employment-related access to clinical records has chosen to abuse their position and access the system for their own purposes."

Until the investigation was completed no specific charges of serious misconduct could be made and the staff member continued in their work during that time, Ms Bingham said.

However, her access was closely monitored during this period to ensure her access to clinical records was for legitimate work purposes only.

In the review the board matched every access to clinical records the individual had in her role against those patients' attendance at/or admission to hospital. The investigation identified 48 breaches and the board is satisfied no further breaches occurred, Ms Bingham said.

A patient who received a letter last month informing her of the breach said she still had questions about what had occurred.

"It was like 'we're investigating a breach of privacy, have a nice day'. I was just like 'what the heck'. Why would this person want to access my medical files? I don't know what she's looking at."

She said the breaches could be traumatic for vulnerable patients.

A district health board employee said she was concerned the board failed to respond appropriately to the breaches.

"In that four-and-a-half months she was still there at her computer. She could have still been delving into files," the source said.

"We don't know why she did it but she had a huge mouth."

The source said the woman brought up patients' details in conversations.

This raised concern among other employees about the type of information the staff member had access to and management was informed.

"It's just not fair," the source said. "Too many people were affected and why should everyone else be under suspicion?"

The source did not want to be identified for fear of losing her job but felt upset enough to speak out.

"I really think it needs to be brought out into the open. I think they need to say sorry."

The letter sent to victims apologised for the breaches, saying the staff member breached both the Privacy Code and the Bay of Plenty District Health Board's own policy.

- By Kiri Gillespie of the Bay of Plenty Times