Audit report finds privacy and security problems at ACT Health

0
51

An audit of ACT Health has uncovered potential violations of privacy and processing errors and  a mystery $5.2 million debt to Calvary Hospital which turned out never to exist.

The 2013-14 ACT Audit Office report, released in December 2014, evaluated the performance of all ACT directorates, including debt, data security and fraud prevention.

Despite giving ACT Health an unqualified outcome, the office found a large number of problems throughout the department which could have led to fraud and corruption.

A directorate spokesman said a number of the problems were not as severe as presented and others had already been fixed to improve hospital security and services.

The report said payments to suppliers had been authorised by staff with no authority to do so, while one payment for gifts and hospitality was put through by a staff member without financial delegation.

“There is a higher risk of erroneous, irregular or fraudulent payments when payments are authorised by officers who do not have the required financial delegation,” the report said.

In some cases, there was no evidence of good or services being received before they were paid for.

“While representatives of the directorate advised that these payments were for goods and services that were satisfactorily received, there is a higher risk of … fraudulent payments,” the report said.

Auditors found a large amounts of patient information was clearly available on the billing screens, including date of birth, Medicare card number and admission and discharge dates, but there was no evidence of reviews of staff access being conducted.

Auditors said it could lead to unauthorised or unnecessary access to personal patient information.

A $5.2 million ACT Health debt which Calvary Health Care ACT claimed it was owed for public hospital services was later found to be non-existent, after Calvary corrected it.

The ACT Health spokesman said the directorate had put in place a new process for certifying receipt of goods and services and had issued a message to staff confirming the need to observe proper financial delegation.

He said there had been a review of users and access levels on the hospital billing system in November and another would take place shortly.

The spokesman said there had been no incidences of goods or services being paid for before they had been received and only two where staff exceeded their financial delegation limit.

Calvary Hospital did not return calls for comment.