Four Information Technology forÂ health care companiesÂ warned that a primary health organization (PHO) puts medical information at risk from 800,000 patients, according to expert reports onÂ enterprise data protection services.
On 17 July, HealthLink, Medtech Global, MyPractice and Best Practice Software, based in New Zealand and Australia sent a letter to the New Zealand Privacy Commissioner. In the letter, they explain having discovered in last June that the PHO ProCare Health had been storing hundreds of thousands of patient data, including names, addresses, financial information, clinical data and medication histories in a database called â€śClinical Intelligence Systemâ€ť.
The four companies recognize that they donâ€™t know the range of data collection, but they stated it was unacceptable to store so much data in a single place. They clarified that data storage was particularly worrying because most patients and some general medics seem to know nothing about the ProCare database, according to reports of experts in enterprise data protection services. Therefore, the companies argued that, in the less bad case, ProCare Health could have undermined patientsâ€™ confidence in the public health system and, in the worst cases, violated the New Zealand Health Information Privacy Code.
As the companies explain in their letter, â€śat a time when attitudes towards the patientâ€™s privacy change in favor of providing greater protection to the user, here is an organization that does not have a direct relationship with the patient and asks doctors to helpÂ accumulate all records of patients they may have access toâ€ť.
On the other hand, ProCare Health denies any breaches. The company stated that it depends on the consent to collect the information they need from the patients when they visit a doctor. The clinical director, Dr. Allan Moffitt, mentioned in a statement that ProCare Health makes great efforts to protect patient information once it is collected.
â€śProCare Health has strict procedures to ensure that the patientâ€™s individual privacy is protected and data is used to improve health care provision and planning. ProCare takes the attention of patients and their records really seriously, and has very strong frameworks and processes to ensure that all legal obligations are fulfilledâ€ť, the company statement mentions.
A Privacy Commissionerâ€™s spokesman said the office received the letter from the four companies and would review the case to determine if subsequent legal actions are justified, as reported by experts in enterprise data protection services from the International Institute of Cyber Security.
Thinking about digital threats, health care organizations must ensure that they have taken appropriate measures to protect digital health records of patients.