Monday, February 7th, 2011
From the outset we advocate all patients should have a choice about who continues their treatment when a health professional leaves a practice and moves to another location. However, a patient should always be informed when their personal information is intended to be removed from a practice and be able to provide written permission to do so.

The patient should always have the opportunity to question how their data is going to be transferred and what security measures are in place to prevent their information from being compromised during transfer.

The computerisation of patient records and resulting increased potential for theft of patient information is not dealt with under the current Health Act or under the Crimes Act in Australia. There are no laws in any state or federally which deal with theft of patient information by health professionals.

There are civil remedies, however by the time proceedings are dealt with by the courts the patient information has already been compromised and likely circulated.

As Governments have encouraged computerisation of patient information and implementation of the secured transfer of data between varying health services there remains no deterrent at all to the theft of this information by unethical health professionals.

On the plus side computerisation does introduce opportunities, if supported by law, to quickly inform of breaches and therefore limit to some extent the damage to persons on these databases.

In short, a Health Professional can steal patient information with total immunity from prosecution by Police. Imagine a circumstance where an unethical health professional steals the patient data base of a practice and provides it to persons for use in identity theft, the fastest growing crime in the western world.

Health Professionals are acutely aware there are provisions and guidelines provided by Government, the Health Commission and the various governing bodies for each health discipline on the security and movement of patient information. Unscrupulous health professionals choose to ignore these protocols putting their colleagues, the practice and the patients at risk. They completely ignore their obligations and steal a practice using patient information to facilitate the process. Rather than resorting to theft all they need do is follow a simple protocol that is designed to protect all stakeholders and honour their obligations to their employer.

The primary motivation for an unscrupulous health professional not following the correct procedures is greed. If you knew your personal information, was obtained this way by your health professional, would you still feel confident they have your best interests in mind? Are you absolutely sure they will not do it again and that your information is safe?

The unsecured removal from a practice of patient information provides opportunities for data to fall into the wrong hands. A health professional who steals patient data has already compromised their ethics, breached a patients right privacy and caused the practice, from which the theft occurred, to breach privacy obligations with its patients and has not considered the consequences should that information fall into the wrong hands. It is also likely a person of this character will reoffend and stolen information could easily end up with persons whose motivation has far more dire consequences.

The Health Industry is not isolated to this type of theft. Theft of customer databases, across all industry sectors is rife.

When personal data is provided by patients to a practice they have to be confident it can never, under any circumstances, be misused.

There should be severe consequences for offending health professionals, who remove information from a practice, without the prior knowledge of the patient.

While there remains no provision under the crimes act, of any state, that give the Police powers to lay charges, for theft of patient or customer databases, all persons who provide personal information to a business or organisation remain at risk of having their personal information stolen with complete immunity provided to the perpetrator.

We know of two recent incidences in Sydney of Patient Data Theft. Whilst there are proceedings, or about to be proceedings against, the health professionals concerned, we cannot name them here today, however once in the public domain we will publish their information.

If you are concerned about an anomaly in our legal system that allows the potential theft of your identity to go unchecked you should be insisting our Governments provide measures that ensure your privacy and provide legislation that will allow offending individuals to be prosecuted by Police with severe penalties if found guilty.

We ask if you agree to contact your local member and voice your concerns. They, like our local member, will be dumbfounded this type of theft has no consequences in law.

Contact Profile

City Clinic

City Clinic is a Sports, Workplace Injury, Fitness & Health Management Centre located in Sydney's CBD
Brad Robinson
P: 02 9299 4977


Ethics, Data Theft, Data Security, Immunity, Patient Information Theft,



More Formats

View QR Code