Google+

Sunday, 20 January 2013

Get Out of Jail Free Card for Healthcare Workers

There is a duty for care and privacy, for all patients, which needs to be respected by healthcare professionals, the professional associations they are members of, the Australian Health Practitioner Regulation Agency (APRHA), its sub-boards and all health facilities.

Any violation of these considerations, by a health professional, breaches the confidence of patients, APHRA, its sub-boards, professional health associations and employer health facilities.

The community expects more from Government Regulatory Bodies than turning a blind eye to morally bankrupt behaviour by healthcare workers they are commissioned to regulate. Serious breaches of privacy should attract appropriate penalties.

Under recent amendments to the Privacy Act (Privacy Amendment - Enhancing Privacy Protection Bill 2012) data theft by healthcare professionals could be regarded as serious and at the discretion of the Privacy Commissioner the employer (Medical Centre) could be heavily fined yet the data thief goes free.

Currently APHRA and its sub-boards position, on this type of behaviour, falls well short of the expectations of the community and all businesses who employ health professionals.

Theft of restricted data and removal without the authority of patients breaches the Privacy Act apart from any other contractual arrangements between employers and health professionals.

The breach of confidence with the medical centre by a healthcare professional, due to data theft, is a commercial matter and can be dealt with in the civil courts if the ex-employer has the financial means, after the data theft, to sue for loss and damages.

However the immunity from prosecution by Police, currently afforded to employed health professional data thieves, due to lack of legislative powers to prosecute and the blind eye approach by APHRA and its various sub-boards does little to instil confidence in the community. Patients have every right to expect their private and confidential information remain safe and secured as required under the Privacy Act and as indicated in most health facility privacy policies.

A recent data theft event, covered on Data Theft Australia, was a mult-million dollar fraud, effecting patients right to privacy and continuing care, closed down one of Sydney's largest and most advanced sports injury centres and saw experienced staff laid off right on Christmas.

APHRA and The Chiropractic Council of NSW in consultation with the Healthcare Complaints Commission resolved to take no action against the perpetrators of this fraud effecting thousands of patients, health centre employees, the community at large and the business owners. To our knowledge these bodies have never prosecuted a healthcare worker for data-theft and / or breaching the privacy of patients.

Ethically challenged Healthcare workers have effectively been given a get out of jail free card to commit major fraud, steal patient data and remove it from healthcare facilities without patients written authority, a current requirement under the Privacy Act as it relates to patient medical files however is unenforceable in cases of data theft by employees.

This freedom should be a major concern for all patients attending any health facility anywhere in Australia and contradicts the rhetoric propagated recently by the previous Attorney General Nicola Roxon and the Privacy Commissioner Timothy Pilgrim about new privacy powers.

Currently the Privacy Amendment - Enhancing Privacy Protection Bill 2012 does not cover any employed person, who steals data from their employers, yet subjects the employer, at the discretion of the Privacy Commissioner, to potentially huge fines for breaches of privacy while the ex-employee data thief remains immune from prosecution.