The Mercury has obtained three notices under Right to Information laws posted between April 13–June 2 to an internal platform called ‘Reach’, accessible by all departmental staff.

One of the notices, posted on April 20 and signed by Paula Hyland, CEO of Hospitals North West, Jen Duncan, CEO of Hospitals North, and Susan Gannon, CEO of Hospitals South – only Ms Hyland remains in her role – revealed the privacy invasion’s scale.

“As custodians of large amounts of personal, sensitive and health information collected on behalf of patients and clients, all employees have a legal obligation to safeguard such information,” the chief executives said in the notice.

“Earlier this month, audits of health care records identified a significant number of Hospitals North West, Hospitals North and Hospitals South employees who have accessed a health care record not in connection with performance of their duties.

“The Human Resources team is in the process of contacting these employees who will be investigated formally, and disciplinary activity taken where a breach is confirmed.

“It is extremely disappointing that potential breaches by employees continue to occur and we remind all employees, access to a health care record... is limited to authorised personnel who are involved in the care and treatment of a patient or a justifiable ‘need to know’.”

An April 13 notice posted by the Tasmanian Health Service’s Director Health Information Management Services, Trixie Kemp, titled ‘Confidentiality and Access to Health Records,’ began, “Considering the recent event in the North West, all staff are reminded of their confidentiality requirements and access to health records.”

It’s understood the ‘recent event’ relates to the alleged stabbing of a doctor at North West Regional Hospital by a 17-year-old patient, which occurred on April 9.

On June 2, matters escalated, with Health Secretary Kathrine Morgan-Wicks formally directing all employees to “comply with their responsibilities to maintain confidentiality and privacy while accessing health information stored in hard copy and clinical information systems”.

“I direct that all employees may only access health information stored in health records and systems where specifically required by the duties associated with their roles,” she said.

Ms Morgan-Wicks then went on to list the legitimate reasons why health information could be accessed.

“Accessing health information because it would be convenient or interesting to know or by virtue of status, position, or level of authority is not legitimate access,” she said.

Despite the scale of the issue, as revealed by the above notices, only a handful of departmental employees have been reprimanded or dismissed from their roles for inappropriately accessing patient records.

Fewer than five departmental staff have been reprimanded and fewer than five dismissed since 2020, figures obtained by the Mercury show.

There are fewer than five ‘ED5’ investigations, which examine potential breaches of the State Service Code of Conduct, currently on foot relating to inappropriately accessing patient records.

A department spokeswoman said inappropriate access of patient records was “taken very seriously”.

She said the department undertook regular audits of access to health information “to ensure the highest standards and safety are upheld”.

“This includes checking rostering information to test the clinicians rostered in particular areas requiring access to a patient’s health record,” she said.

alex.treacy@news.com.au

More Coverage

Concerns linger despite Tassie town’s health service lifeline

Rob Inglis

Ambo, elective waits down as community paramedics divert 1260

Alex Treacy