Pound Road Medical Centre (PRMC) is likely regretting its decision to store 960 paper medical records for mostly former patients of the organisation in a garden shed, with Australian Privacy Commissioner, Timothy Pilgrim, today ruling that the medical centre has breached the Privacy Act.
The investigation by the Office of the Australian Information Commissioner was sparked after a November 2013 break-in into the "locked" shed, which was situated on a premises that PRMC no longer used, and the medical records were "compromised" — resulting in a third party gaining access to patient's full name, address, date of birth, Medicare number, and treatment details including results of medical investigations and discharge summaries.
Highlighting the obvious need to treat hard copy documents in a similar manner to digital documents, Pilgrim said that paper records should be disposed of if they are no longer needed.
"There is no point in converting paper records to a secure digital system, and then leaving the paper files unsecured," Pilgrim said.
"I can't think of any circumstances in which it would be reasonable to store health records, or any sensitive information, in an insecure temporary structure such as a garden shed."
"Get out the shredder or hire a secure document destruction service. If you don't, you're putting your clients at risk of identity theft or fraud, and your company at risk of enforcement action."
The results of the Privacy Commissioner's investigation comes as the Murray Inquiry into the Australian financial sector released its interim report and called for the development of a comprehensive government technology strategy to deal with the impact of personal and payment data being used in the financial industry.
"Firms are collecting and storing growing volumes and types of customer data. As they seek to harness the commercial value of the data, it increasingly raises concerns about the way in which personal information is handled and used," the report said.
The report suggested a strategic body should be set up to oversee technology policy, developed in consultation with industry, to promote technical innovation while including requirements for electronic disclosures, consumer protection, and updating and implementing the National Cyber Security Strategy.
Some would say that it is a long way from software engineering to journalism, others would correctly argue that it is a mere 10 metres according to the floor plan.During his first five years with CBS Interactive, Chris started his journalistic adventure in 2006 as the Editor of Builder AU after originally joining the company as a programmer.Leaving CBS Interactive in 2010 to follow his deep desire to study the snowdrifts and culinary delights of Canada, Chris based himself in Vancouver and paid for his new snowboarding and poutine cravings as a programmer for a lifestyle gaming startup.Chris returns to CBS in 2011 as the Editor of TechRepublic Australia determined to meld together his programming and journalistic tendencies once and for all.In his free time, Chris is often seen yelling at different operating systems for their own unique failures, avoiding the dreaded tech support calls from relatives, and conducting extensive studies of internets — he claims he once read an entire one.