The commission identified significant flaws in the security and regulation of shared care record (SCR) portals. They noted district health offices need to be "more demanding" of patient security and found none of the reviewed SCRs were able to provide a compelling picture of how access was audited.
"...despite high-profile cases where health staff had illegitimately accessed patient records... no steps have been taken to secure systems against unauthorised access and malicious attack.."The portals require credentials to gain access, but the report highlighted the ease with which staff can bypass permissions, thus allowing widespread and damaging accidental or malicious disclosures.
- Privacy Commission, New Zealand
Healthcare organizations seeking auditing of access and proactive detection of privacy data breaches can utilize low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.Sources:
(a) Report slams medical privacy - www.SundayStarTimes.co.nz, 08/10/2014