Get all your news in one place.
100’s of premium titles.
One app.
Start reading
ABC News
ABC News
National

NT information commissioner seeks to distance himself from privacy breach of public health files

Peter Shoyer says he was contacted by the government regarding the privacy breach. (ABC News: Ian Redfearn)

The Northern Territory information commissioner says he offered only "brief advice" to the government regarding a privacy breach of medical records before the incident was “managed in-house” and subsequently kept secret.

The ABC revealed on Thursday that more than 50,000 patients had their health files sent between two NT government departments in 2018 and 2019 as part of a software system upgrade.

More than 3,000 identifiable records were then transferred to global software vendor Intersystems, which has offices in 27 countries including in Europe, South America and China.

Some patient items were classed as having very-high or high clinical risk, such as psychology reports and psychiatric facility visits, termination of pregnancy or stillbirth records, and electroconvulsive therapy — also known as electric shock therapy — records.

Chief Minister Natasha Fyles, who was health minister at the time, never made the privacy breach public.

Then-health minister and current Chief Minister Natasha Fyles didn't notify the public about the breach. (ABC News: Michael Franchi)

"I was advised in a flash brief and also at the chief executive meetings, but I had no role … around decisions [not to tell the public]," she said.

When asked why she didn't notify the public, Ms Fyles said the information commissioner had been notified.

Responding to questions from the ABC, Information Commissioner Peter Shoyer said he was first contacted in October 2019 by the Department of Digital and Corporate Development and NT Health "in relation to disclosure of patient information to a third-party IT contractor".

Mr Shoyer said he "provided brief advice on further potential steps" after being given "a substantial number" of de-identified files.

"While there were a substantial number of files, it does not appear to coincide with the numbers referred to in [the ABC] report," he said.

"The difference may be due to the early stage of the investigation at that time.

"We provided brief advice to the departments on potential further steps including … a requirement for both departments to be satisfied that the relevant personal information had been sufficiently contained."

Mr Shoyers said other advice included a need to evaluate the information in more detail to consider whether there were patients who should be told about the breach.

He offered to assist both departments further but was told "the privacy breach was being managed in-house".

"There was no further request for assistance," he said.

'Process scrutinised thoroughly'

Chief executive of NT Health Marco Briceno said his department "consulted extensively at the time with the information commissioner".

"Because this information was not used against what it was intended to, and it did not leave the security of the system, then we didn't think that we were actually in breach of the law," he said.

"However, the process was scrutinised thoroughly by the commissioner and we're still working with the information commissioner now to ensure that we are not in breach of legislation."

Mr Briceno said the decision not to notify the public was "made by NT Health, by the chief executive of the time, and the senior executive team of the time, based on our obligations in the [NT Information Act]," he said.

"The commissioner of information confirmed what our obligations were."

Marco Briceno says the decision not to notify people affected by the privacy breach was made by NT Health. (ABC News: Che Chorley)

Mr Shoyer said current NT legislation did not require agencies to notify individuals subject to a data breach.

"My office has worked with NT government officers over time to advance development of a whole-of-government approach to data breach reporting but there is as yet no mandated system," he said.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.