The Dominion Post reports that a hospital worker in New Zealand has been fired for misusing their position to access “patient files without legitimate reasons.” Cases of insiders abusing their access privileges are not unusual in the United States or internationally: a former detective sergeant in Australia pleaded guilty to repeatedly using a police computer “to get the details of women he had seen in public”; a U.S. Department of State employee was sentenced “to 12 months of probation for illegally accessing more than 125 electronic passport application files”; and an employee of Johns Hopkins Medicine was sentenced to 18 months in prison for stealing patient data — the employee “provided a conspirator with names, Social Security numbers and other identifying information of more than 100 current and former patients of Johns Hopkins.”
The Dominion Post reports:
A report prepared for Hutt Valley District Health Board revealed three staff members at the hospital were investigated for potential privacy breaches in October and December.
Acting chief executive Michael Hundleby said two breaches were upheld while in the third case the person had a legitimate reason for accessing the file.
“The two people who were found to have used files inappropriately were both administration staff. One was dismissed and the other received a written warning.” […]
Assistant Privacy Commissioner Katrine Evans said the type of situation experienced at Hutt Hospital was often known as “employee browsing”. Complaints about this type of inappropriate “browsing” were received from time to time. “We’re aware of several other situations recently in which employees have been sacked for inappropriate access to information, for example, in the health sector or in government agencies.” […]
“But their employers are waking up to the problem too – government agencies and businesses have huge amounts of information about people, and the responsible ones know how important it is to keep it safe.