So I am pretty bad at going to the doctor on time, yes I am one of those people who get the overdue notifications on the weekly.
I finally had enough courage to turn up to get my regular medication. Generally, when doctors release scripts it’s one of those situations where you put your script in your bag and run out.
When I needed to return to the doctor, overdue of course, I realised that when I was consulting my nurse, they asked me my date of birth, which is totally normal. But then I heard this awkward silence, “that is not correct Miss Breen”. I was actually super concerned that I couldn’t remember my date of birth… #awkward.
The doctor then called me by a different name, and it wasn’t Karissa… it was some random’s name! I then took back the script to realise that the document was actually not my script… it was in fact someone else’s! I perused the document and yep there it was, full name, date of birth, address and phone number, enough to create a fake identity under this person’s name. Things were definitely uncomfortable on both ends by this point.
The part of this situation that set me back was that no one from the doctor’s surgery really knew how to handle the situation. After some backwards and forwards, I started to feel pretty bad that I had a random person’s private details in my hands. For someone who is a security person, this raised great concerns as I am not sure if everyone would be as honest as I was about this situation.
When you hear about data breaches on the news, this is an example of an accident that could go terribly wrong. My original doctor wasn’t actually in that day, so another doctor had to “make some changes” on my script. I then had to go back to the pharmacy with an “updated” script.
But, what concerns me is that I actually don’t know if this same situation with my details has landed in the hands of some other random in Sydney and is floating about. I think the main problem is the lack of due diligence on both ends. I probably should have checked before leaving the doctor when I was issued with the script. Although, I do believe doctors need to be mindful of ensuring they are not giving away sensitive information to the next person.
The Verizon Data Breach Investigations Report is an annual report on data breach trends. Verizon uses questionnaires and draws on hundreds of key industry players, who contribute data and feedback to the report.
Healthcare is usually one category in the report. Take a look at the 2017 report; you can find the relevant section on page 22. According to the report, the major reasons for data breaches in healthcare are: ‘Human Errors’ (the report calls it ‘Miscellaneous Errors’) and ‘Physical Theft and Loss’.
The paragraph with the heading “A comedy of errors” perfectly shows what Human Errors mean and actually this ties into my current example shared above.
Check out page 50, there is a section dedicated to “Miscellaneous Errors” elaborating this data breach type in detail.
If you open the 2016 report, and look for the similar sections, you see it has not really changed over time. Human Errors in Healthcare is #1. If you go to page 11, the matrix underpins this claim.
Check it out here:
The takeaway from my own experience is that humans make mistakes and training can help prevent these situations from happening. Having correct processes in place would have remediated this situation quickly and would have limited upheaval.
Here is the example of the script; for privacy reasons, the details have been redacted.
For Australians, the Australian Privacy Foundation raised the threats of the consolidated patient register called My Health Record.
Human errors are a bad case of things like this going wrong. This is my own personal story and I wanted to share with you that these types of incidents happen on the daily and it is not always an organised crime for these types of events. I would be super keen to hear your own personal stories, with something similar.
Keep on keepin’ on,
KB