Pharmacist sacked after snooping on patient data

A privacy breach of more than 7000 patients at Victoria’s Alfred Health has been revealed after their medical records were viewed by a healthcare worker while not directly involved in their care.

Alfred Health chief executive Prof Andrew Way said accessing patient information without a direct clinical reason is a breach of privacy and completely unacceptable.

“We deeply value the relationship we have with our patients, and the trust they put in us, and we unreservedly apologise for the healthcare worker’s misconduct,” Prof Way said.

“We have written to every patient whose medical record was accessed without authority, and we have invited them to call our dedicated hotline if they would like additional information or support.”

While cybersecurity experts reviewing the privacy-matter found no evidence of download or use of patient information, the pharmacist’s behaviour was a fundamental breach of professional standards.

“What began as healthcare worker’s legitimate professional access to the electronic medical records system morphed to include access for personal curiosity,” he said.

“As soon as this behaviour was confirmed, we terminated their employment and referred the matter to both the Australian Health Practitioner Regulation Agency (AHPRA) and the Australian Digital Health Agency.”

Information viewed included patient names, birthdays, Medicare numbers, home addresses, next-of-kin details, and medical information such as diagnoses, clinician notes, test results and treatment particulars. No financial information was accessible.

The health service claims there is no evidence the, now, former employee kept a copy of any data, shared data online or otherwise misused patient data.

It is now looking at whether there is technology available to improve the detection of unusual behaviour in the electronic medical record system, while still ensuring seamless access for time critical patient care.