21 March 2023

'Stop hiding behind investigations': Mental health minister slammed after patient records 'deliberately emailed' to unknown organisation

| Claire Fenwicke
Join the conversation
Mental Health Minister Emma Davidson

Mental Health Minister Emma Davidson said more answers would be provided once external investigations into the privacy breach had concluded. Photo: Claire Fenwicke.

A police investigation is underway after a serious privacy breach was detected at Canberra Health Services (CHS), where the clinical records of 13 people were “deliberately emailed” to an external organisation.

However, it’s not clear how many staff members were responsible for the breaches, which external organisation received the records, whether the records were passed on to other organisations, how the breach was discovered and over how many years the breaches have been occurring.

All CHS employees received an email about the breaches from CEO Dave Peffer on 6 March, with the subject line, “a disappointing update”. Mr Peffer’s email has just become public.

“I wanted to quickly update you on something that’s happened, which isn’t good,” he opened.

He then explained the breach had been discovered in the past few weeks.

“What I’m talking about here is whole clinical records, in some cases scanned from hard copy, and deliberately emailed to individuals outside the organisation,” he wrote.

“Breaching the privacy of 13 consumers. Over a period of years.”

READ ALSO Strathnairn House sale will provide four charities with an ‘unexpected windfall’

Mr Peffer wrote the records had been sent by a “small number” of employees to “multiple people” within one of CHS’s industrial partners.

“Records that should never have been shared outside the organisation without the express consent of our patients,” he said.

“Trust was on the line, and we’ve let these patients down.”

Mr Peffer outlined this wasn’t an accidental breach where a patient’s details were “inadvertently buried”, but one that could lead to legal consequences.

He said at the time, the ongoing employment of those involved was being considered and the incident had been referred to police, the Australian Health Practitioner Regulation Agency, and other local and national regulators.

The impacted patients and their families have also been contacted.

“Often, our patients are at their most vulnerable when in our care. The confidence our patients have to share their most private health information with us helps us to treat and care for them. All of that relies on trust,” Mr Peffer wrote.

“This isn’t a situation we want anyone to find themselves in.”

READ ALSO Researchers warn of ‘mass exodus’ as ACT principals report most experiences of violence in the country

Region posed further questions to CHS, but a spokesperson said they could not elaborate further as the incident was subject to an external investigation.

“Patient privacy and confidentiality is a key tenet of the health care system and one Canberra Health Services values greatly,” they said.

“We take any potential breach very seriously.”

It appears the records related to mental health patients who had accessed Canberra Health Services.

Mental Health Minister Emma Davidson said she had been assured the staff involved had “no further access” to confidential information but was unable to elaborate further.

“We’ll be able to offer more public information once due process and the external investigation have concluded,” she said.

“Until then, I am unable to provide any further specifics on this matter … and I have no plans to run any commentary on it.”

She did outline CHS staff were made aware of their patient privacy and confidentiality obligations through a number of processes, including mandatory training, induction processes and registrations.

“There are clear policies and procedures in place for the treatment of all health records, including access, storage, dissemination and destruction guidelines,” Ms Davidson said.

“CHS really understands its legislative and values-based obligations in relation to patient privacy and confidentiality and they treat any breach of this very seriously.”

READ ALSO Parkes Way off-ramp to close as light-rail construction ramps up

Shadow Health Minister Leanne Castley slammed this response, accusing Ms Davidson of hiding behind a “culture of secrecy” to avoid explaining exactly what has happened.

“There is a bunch of information that she can share with Canberra to give them the assurance that everything is OK,” she said.

“I’m not asking for names of who has done what, but what exactly has gone on? Why have patient records been copied, given to another body? Why did that occur? That is something she can surely answer and let us know.

“It’s time for the minister to explain to Canberrans what’s going on and to stop hiding behind investigations.”

Ms Castley questioned why it had taken so long for the email, which was sent two weeks ago, to come to light, and why the government didn’t update the public as soon as the breach was discovered.

“I’m surprised it’s taken this long for us to find out about this,” she said.

“[Those impacted] are the most vulnerable people and they have had their information taken and shared with someone else.

“It’s a disgrace.”

READ ALSO Thomas Matthews returned to jail for crashing car into three police officers

Ms Davidson was repeatedly asked about this issue during question time in the Legislative Assembly on Tuesday (21 March), but she said she could not provide any more detail while a police investigation was underway.

“It’s really important when police are doing an investigation that they are able to do their work without interference and speculation from politics,” she said.

She did clarify the industry partner to whom the details were sent was not a health fund.

Ms Davidson was asked to take the questions she couldn’t answer on notice; however, it was noted she couldn’t do this as it would legally require her to respond within a certain timeframe and it was unknown when the investigations will end.

She also explained her decision not to make a public statement about the breach even though she “was made aware [of it] in recent weeks”.

“The patient disclosure process needed to happen before this became a topic of public conversation,” Ms Davidson said.

“It is really important that when you are a person receiving health care that your needs are put first and that is what we have done here.

“The conversations with the patients who have been personally affected by these breaches are ongoing.”

Join the conversation

All Comments
  • All Comments
  • Website Comments

I’d say that most MsLA are promoted above their station. I think it’s a small pool of ‘talent’ and just a conga line of advisors waiting to pick off the job when you go.

I think the question is, when is Barr going to hold any of his ministers to account? At this rate they may just hand government to the Libs who don’t deserve it one iota either. It’s only the Greens who save us from such a fate, but truly, the Labor government has had its day.

Classic public service delaying technique. The longer the delay the less people will be interested in the eventual outcome

Louise Thompson4:12 pm 22 Mar 23

This is so terribly sad for the patients, to have your confidentiality breached in this way would be highly distressing. Some of the staff at this facility do not care about the patients, they have their own agenda which is enabled by one of the unions for political points scoring. Following an investigation, where it is proven there is no doubt the staff will be appropriately dealt with under the current CEO’s leadership.

Daily Digest

Want the best Canberra news delivered daily? Every day we package the most popular Riotact stories and send them straight to your inbox. Sign-up now for trusted local news that will never be behind a paywall.

By submitting your email address you are agreeing to Region Group's terms and conditions and privacy policy.