Wellington Hospital Data Breach (2015)

A Wellington Hospital staff member has left after being caught accessing 33 patients' records. The breaches have sparked an independent privacy review of the Capital & Coast District Health Board's privacy practices, which recommended more thorough auditing, restrictions on access to electronic medical files, and better staff training. A report, released under the Official Information Act, revealed the investigation occurred after a former colleague claimed the woman had been snooping into her electronic medical records. The woman initially claimed she did not even know the complainant, but it was later revealed the pair had sat next to each other as administrative workers at Wellington Hospital. A subsequent audit found the woman had not only breached her colleague's medical record, including her admission to the emergency department, but had accessed the electronic health records of 33 patients "without an obvious legitimate need to do so". After further investigations, the DHB accepted that, in 28 of these cases, there had been no privacy breach. However, she was found to have accessed her own family's medical records five times without authorisation. CCDHB chief operating officer Chris Lowry said the woman claimed she had permission from her family, but she had nevertheless accessed private health records to which she had no right. "Whether she did it off her own volition, or for her family members, it is still a breach." The woman is no longer employed by the DHB, but Lowry refused to comment on whether she resigned or was dismissed. She said the DHB had apologised to the original complainant, but no other patients affect by the breaches had been contacted.