Secure Medical Documents Found Outside Brisbane Hospital
In scary scenes for patients of the Royal Brisbane and Women’s Hospital (RBWH), a staff member found abandoned files containing sensitive patient data on a road near the hospital.
Such a case raises some serious questions regarding the security of the patients and the potential implications to the hospital. To help you understand the gravity of what was found, we’ve broken down the common questions from this specific case.
What was in the files?
The hospital hasn’t disclosed a great deal of details on what the files contained or how many there were. However, it was confirmed that the files included a variety of outpatient documents – containing patients’ names.
How does the law say that sort of information should be handled?
Under Australian law, the Privacy Act 1988 (Cth) dictates that the following can legally be considered “personal information”:
- Notes about the symptoms you describe or the health service provider’s observations and opinions of your health
- Prescription information
- Contact and billing details
- Test results and reports, such as those relating to blood samples and X-rays
- Dental records
- Your Medicare number
- Private hospital and day surgery admission and discharge records
- Other sensitive information about you such as your race, sexuality or religion.
In any case where information of this calibre is concerned, the information in question should be collected with full consent, protections and processes. Also, the holder is required to provide adequate levels of protection to ensure that personal data cannot be exposed.
How did the files end up in an unsecured location?
It’s reported that the files had been picked up by a contractor and were due to be taken to a destruction facility. Instead, they were abandoned on Abbotsford Road, a busy street near the hospital.
It’s unclear exactly how the contractor left the files behind, but naturally, their solution to medical document destruction is far from secure.
What could have happened if the wrong person found the files?
If the data had been leaked by a private business, penalties could easily have been north of AU$10 million. Thankfully for those involved, it’s unlikely a public hospital will be sanctioned with the full force of the laws.
Nevertheless, the human impacts of a leak such as this are incredibly real. Real people had their personal and medical information exposed and available to whoever found it in Bowen Hills.
What should RBWH have done?
The hospital should have trusted a more secure service to ensure their medical document destruction could occur without risk or breach. Shred-X has been awarded the National Association for Information Destruction’s highest accolade – the AAA Certification. From onsite collection and external destruction to complete onsite destruction services, we can keep your data and files as secure as possible.
To find an affordable yet secure data destruction service for your business, chat to the Shred-X team today.