The Times Australia
The Times World News

.
Times Media

.

Attempts to access Kate Middleton’s medical records are no surprise. Such breaches are all too common

  • Written by Bruce Baer Arnold, Associate Professor, School of Law, University of Canberra

The alleged[1] data breach involving Catherine, Princess of Wales tells us something about health privacy. If hospital staff can apparently access a future queen’s medical records without authorisation, it can happen to you.

Indeed it may have already happened to you, given many breaches of health data go under the radar.

Here’s why breaches of health data keep on happening.

Read more: Yes, Kate Middleton's photo was doctored. But so are a lot of images we see today[2]

What did we learn this week?

Details of the alleged data breaches, by up to three staff[3] at The London Clinic, emerged in the UK media this week. These breaches are alleged to have occurred after the princess had abdominal surgery at the private hospital earlier this year.

The UK Information Commissioner’s Office is investigating[4]. Its report should provide some clarity about what medical data was improperly accessed, in what form and by whom. But it is unlikely to identify whether this data was given to a third party, such as a media organisation.

Read more: After the Medicare breach, we should be cautious about moving our health records online[5]

Health data isn’t always as secure as we’d hope

Medical records are inherently sensitive, providing insights about individuals and often about biological relatives.

In an ideal world, only the “right people” would have access to these records. These are people who “need to know” that information and are aware of the responsibility of accessing it.

Best practice digital health systems typically try to restrict overall access to databases through hack-resistant firewalls. They also try to limit access to specific types of data through grades of access.

This means a hospital accountant, nurse or cleaner does not get to see everything. Such systems also incorporate blocks or alarms where there is potential abuse, such as unauthorised copying.

But in practice each health records ecosystem – in GP and specialist suites, pathology labs, research labs, hospitals – is less robust, often with fewer safeguards and weaker supervision.

Read more: Vaccination status – when your medical information is private and when it's not[6]

This has happened before

Large health-care providers and insurers, including major hospitals or chains of hospitals, have a worrying[7] history[8] of digital breaches[9].

Those breaches include hackers accessing the records of millions of people. The Medibank[10] data breach involved more than ten million people. The Anthem[11] data breach in the United States involved more than 78 million people.

Hospitals and clinics have also had breaches specific to a particular individual. Many of those breaches involved unauthorised sighting (and often copying) of hardcopy or digital files, for example by nurses, clinicians and administrative staff.

For instance, this has happened to public figures such as singer[12] Britney Spears[13], actor George Clooney[14] and former United Kingdom prime minister Gordon Brown[15].

Britney Spears
Britney Spears’ medical records were also the subject of a data breach. Nina Prommer/EPA/AAP

Indeed, the Princess of Wales has had her medical privacy breached before, in 2012, while in hospital pregnant with her first child. This was no high-tech hacking of health data.

Hoax callers from an Australian radio station tricked[16] hospital staff into divulging details over the phone of the then Duchess of Cambridge’s health care.

Read more: Did 2Day FM break the law? And does it matter?[17]

Tip of the iceberg

Some unauthorised access to medical information goes undetected or is indeed undetectable unless there is an employment dispute or media involvement. Some is identified by colleagues.

Records about your health might have been improperly sighted by someone in the health system. But you are rarely in a position to evaluate the data management of a clinic, hospital, health department or pathology lab.

So we have to trust people do the right thing.

Read more: What is HIPAA? 5 questions answered about the medical privacy law that protects Trump's test results and yours[18]

How could we improve things?

Health professions have long emphasised the need to protect these records. For instance, medical ethics bodies condemn[19] medical students who share[20] intimate or otherwise inappropriate images of patients.

Different countries have various approaches to protecting who has access to medical records and under what circumstances.

In Australia, for instance, we have a mix of complex and inconsistent laws that vary across jurisdictions, some covering privacy in general, others specific to health data. There isn’t one comprehensive law and set of standards vigorously administered[21] by one well-resourced watchdog.

In Australia, it’s mandatory to report data breaches[22], including breaches of health data. This reporting system is currently being updated[23]. But this won’t necessarily prevent data breaches.

Read more: Government's privacy review has some strong recommendations – now we really need action[24]

Instead, we need to incentivise Australian organisations to improve how they handle sensitive health data.

The best policy nudges[25] involve increasing penalties for breaches. This is so organisations act as responsible custodians rather than negligent owners of health data.

We also need to step-up enforcement of data breaches and make it easier for victims to sue for breaches of privacy – princesses and tradies alike.

Read more: Where’s Kate? Speculation about the 'missing' princess is proof the Palace’s media playbook needs a re-write[26]

References

  1. ^ alleged (www.abc.net.au)
  2. ^ Yes, Kate Middleton's photo was doctored. But so are a lot of images we see today (theconversation.com)
  3. ^ up to three staff (www.mirror.co.uk)
  4. ^ is investigating (ico.org.uk)
  5. ^ After the Medicare breach, we should be cautious about moving our health records online (theconversation.com)
  6. ^ Vaccination status – when your medical information is private and when it's not (theconversation.com)
  7. ^ worrying (www.theguardian.com)
  8. ^ history (www.afr.com)
  9. ^ digital breaches (www.innovationaus.com)
  10. ^ Medibank (www.theguardian.com)
  11. ^ Anthem (www.hipaajournal.com)
  12. ^ singer (www.latimes.com)
  13. ^ Britney Spears (journals.lww.com)
  14. ^ George Clooney (www.nytimes.com)
  15. ^ Gordon Brown (www.theguardian.com)
  16. ^ tricked (theconversation.com)
  17. ^ Did 2Day FM break the law? And does it matter? (theconversation.com)
  18. ^ What is HIPAA? 5 questions answered about the medical privacy law that protects Trump's test results and yours (theconversation.com)
  19. ^ condemn (www.bmj.com)
  20. ^ share (www.abc.net.au)
  21. ^ vigorously administered (theconversation.com)
  22. ^ data breaches (www.oaic.gov.au)
  23. ^ being updated (theconversation.com)
  24. ^ Government's privacy review has some strong recommendations – now we really need action (theconversation.com)
  25. ^ nudges (onlinelibrary.wiley.com)
  26. ^ Where’s Kate? Speculation about the 'missing' princess is proof the Palace’s media playbook needs a re-write (theconversation.com)

Read more https://theconversation.com/attempts-to-access-kate-middletons-medical-records-are-no-surprise-such-breaches-are-all-too-common-226303

The Times Features

Will the Wage Price Index growth ease financial pressure for households?

The Wage Price Index’s quarterly increase of 0.8% has been met with mixed reactions. While Australian wages continue to increase, it was the smallest increase in two and a half...

Back-to-School Worries? 70% of Parents Fear Their Kids Aren’t Ready for Day On

Australian parents find themselves confronting a key decision: should they hold back their child on the age border for another year before starting school? Recent research from...

Democratising Property Investment: How MezFi is Opening Doors for Everyday Retail Investors

The launch of MezFi today [Friday 15th November] marks a watershed moment in Australian investment history – not just because we're introducing something entirely new, but becaus...

Game of Influence: How Cricket is Losing Its Global Credibility

be losing its credibility on the global stage. As other sports continue to capture global audiences and inspire unity, cricket finds itself increasingly embroiled in political ...

Amazon Australia and DoorDash announce two-year DashPass offer only for Prime members

New and existing Prime members in Australia can enjoy a two-year membership to DashPass for free, and gain access to AU$0 delivery fees on eligible DoorDash orders New offer co...

6 things to do if your child’s weight is beyond the ideal range – and 1 thing to avoid

One of the more significant challenges we face as parents is making sure our kids are growing at a healthy rate. To manage this, we take them for regular check-ups with our GP...

Times Magazine

12 Benefits Of Acquiring An Education In Australia

Australia offers great opportunities for international students. The country boasts world-class universities, a relaxed and affordable lifestyle, and sunny weather all year. It’s no wonder that so many students from around the world come to Austral...

Best Practices to Improve Your Email Marketing Results

Email marketing is a powerful tool that businesses of all sizes can use to reach their target audience. It can help to promote products, services, and events, and build relationships with customers by providing them with relevant and useful content. ...

Tips on Safer Surfboard Storage

When you’ve invested money to buy the best softboards in Sydney, you want to do everything you can to keep that investment safe and secure, right? A big part of doing that is knowing all the best practices when it comes to safe and proper storage f...

The Best Venues for Hire in Melbourne that Suit Your Needs

Definition of Venue Hire When planning an event, one of the most important decisions is choosing the right venue. Venue hire refers to the process of renting a space for a specific period of time to host an event. This can include conference cen...

The nitty gritty: 7 cell phone booster for rural area FAQs answered

Cell phone signal boosters have long been a lifesaver for people living in rural Australia. Think about it: our wide, sunburned land is famous (or infamous) for its isolated stretches, the kind in which you might not see a single soul for days. ...

The Power of Digital Marketing: Strategies for Success in the Digital Age

Digital marketing has emerged as a cornerstone of contemporary business strategies, revolutionizing how products and services are promoted and consumed. Since its inception in the 1990s, alongside the rapid growth of internet usage, digital marketi...

Times Media

Times Men
Times Women
Times Health
Times Fashion & Beauty
The Rural Times
Times House & Garden

News Services

Times Traveller
The Business Times
Weekend Times
The Property Times
The Times
Times Food

Times Media

Times Driving
Modern Australian
Viw Magazine
New Magazine
Business Daily Media
The Bulletin