THE private eHealth records of numerous patients have been breached by healthcare providers and other myGov account users.
TWO data breach notifications were received by the Information Commissioner last financial year in regards to the government administrated online health system.
The first allowed healthcare providers to view the personal health notes of consumers following a flawed technical change to the eHealth system, according to the Commissioner’s annual report. The eHealth system operator identified the cause in December and a fix was put in place to prevent further access. The second data breach, which occurred in May, came about while consumers were linking their personal eHealth records to the myGov website – a one stop shop for all online government services. In some cases the previous computer user had not logged out of their myGov account. That meant that when the second user’s eHealth account was linked to myGov, the first user gained access to both sets of eHealth records. The Information Commissioner said the cause of the breach was not related to myGov and strategies had been implemented by eHealth’s system operator to prevent it from occurring again. After reviewing both breaches, the Information Commissioner determined the responses were appropriate and no further action was required.