"The Commissioner considered whether the steps taken by the health service provider, when it mailed copies of the complainant’s medical records and the original x-rays in the general mail to (another) health service provider, were ‘reasonable’ in the circumstances.As health information, the complainant’s medical records and x-rays are sensitive information as defined in the Act, which is generally afforded a higher level of protection than other forms of personal information. The potential harm the complainant would suffer, should the original x-rays be lost in the mail, is significant, given the loss of this record of the complainant’s condition would be permanent.The Commissioner noted that while the health service provider was not a large organisation, the cost of alternative methods to transmit the documents would not be a significant financial burden. The Commissioner also considered the level of risk of the medical records and x-rays being lost in a generally dependable and reliable general mail system. The Commissioner formed the view that the health service provider failed to take reasonable steps to protect the complainant’s personal information by using the general mail, in breach of National Privacy Principle 4.1."
Thursday, October 02, 2008
Not good privacy practice: "your Xrays are in the mail"
From a recent case note (S v Health Service Provider  PrivCmrA 19) issued by the Federal Privacy Commissioner on whether reasonable steps were taken to protect personal information from misuse and loss and from unauthorised access, modification or disclosure: