Privacy questions for major health fund

Saturday's Sydney Morning Herald ("Health fund leaking patient medical files") reported that HCF, one of Australia's largest health funds, has provided McKesson Asia Pacific with details of 370 members with some history of mental illness, and that McKesson has used this information to seek to directly sell them services.

Both HCF and McKesson claim no breach of privacy legislation is involved although the report says the information was handed over without consent.
HCF's privacy policy statement includes the following:

"At HCF we recognise the trust you place in us when you provide personal information. We will not use, sell, rent, share or disclose any information about you to any third parties, other than Government agencies or those who are contracted to us to keep the information confidential, such as medical professionals, re-insurers, research companies and mail houses".

It's not clear how much wriggle room HCF have here to claim justification for disclosure to McKesson, but the Sydney Morning Herald report says both the Federal and NSW Privacy Commission are asking questions.

When these sort of stories make the news ,we're left wondering just how many instances of this type of conduct occur every day but just below the public awareness water line.

Australia is not the only place with health privacy concerns.