Patient data disabled

Photo: ODT files
Photo: ODT files
A new patient information system used by general practitioners had to be disabled yesterday because of a risk of data breach.

The Otago Daily Times learned about the situation in a leaked email to southern GP practices.

The patient information system has been introduced over the past couple of months to many GP practices across the country, although the number of affected GPs was unavailable.

Last night the Ministry of Health said it was working with Medtech, the health IT company that runs the system.

``The ministry understands that patient demographic data has been transported from GP practices in an unencrypted form to an online Medtech hub.

``The sort of information that was transported without encryption includes the name, date of birth and gender of a patient.

``In light of the potential risk, the ministry has requested Medtech to temporarily disable the services that transports the information to its hub until Medtech issues a fix, which is expected later this week,'' the ministry said.

A Medtech spokeswoman said GPs might not be able to enrol new patients into the new system for a couple of days, but it would be resolved quickly.

An authorised administrator at a PHO had reported he could see data in an unencrypted form.

``Once alerted to the problem Medtech immediately secured the links and started work on a permanent fix.''

There had been no data breach, she said.

``Please know that no patient's clinical notes were ever at risk - the information that might have been seen if someone unauthorised happened to stumble across it was nothing about their health.''

Southern GPs were advised of the situation by WellSouth PHO, whose chief executive Ian Macara told the ODT it was difficult to get information yesterday about just what had happened and how serious it was.

Mr Macara said he had notified the Privacy Commissioner about the situation.

eileen.goodwin@odt.co.nz


 

Add a Comment

 

Advertisement