See the full article at Radio New Zealand: ACC privacy breach victim ‘felt suicidal’
This story is about a the effects of a data breach on New Zealand woman with very sensitive information in her electronic health records.
Like “Julie” who told the story of how her mental health records were exposed throughout Partners Healthcare system, the New Zealand woman is also a victim of sexual abuse. The New Zealand corporation holding her data sent it to someone else along with information on thousands of other people.
Similar to the experiences reported by US victims of health data breaches, the response to her data breach was underwhelming and irrelevant to the resulting damages: ie, emotional damage, loss of trust in the data holder, and no compensation for future ID theft or medical ID theft. No assurances or remediation were offered against future use or sale of her information, even though it often takes years to discover ID theft and medical ID theft. She was offered $250 as compensation, and the data holding corporation stated the amount was “based on the extent of the breach and the level of harm or potential harm associated with it, as well as the client’s individual circumstances.” Clearly an inadequate, insensitive response.
Apparently inadequate, ineffective, insensitive responses to data breaches occur across the globe.
In the US, there is no “chain of custody” for any sensitive personal information and no way to control who gets it. There is no way to track or prevent the flow of health information to hidden data users and thieves. BUT, you can help by adding to the map of hidden flows at theDataMap.org. US patients can’t weigh the risks vs. benefits of using electronic health systems without knowing who has copies of personal health records, from prescription records to DNA to diagnoses. WE don’t know if it is sold as intimate health profiles, used for ‘research’ or ‘data analytics’, for fraud, for extortion, or for ID or medical ID theft, etc, etc.
In the US, few Congressional leaders fight to restore patient control over health data and to ensure data security. Most in Congress votes for the hidden data mining industry against the public interest and against patients’ rights to health information privacy. Two leaders, the co-chairs of the House Privacy Caucus, Representatives Barton and Markey, received “Louis D. Brandeis Privacy Awards” at the 2nd International Summit on the Future of Health Privacy in Washington, DC on June 6th. See: www.healthprivacysummit.org or http://tiny.cc/nrhkgw for the agenda. The video of the Celebration of Privacy will soon be posted there.
Electronic health information is THE most valuable personal information on Earth—and US corporations and government see and use it without our knowledge or consent to make decisions about us. Tell Congress to put you in control over who can see your sensitive electronic health information—-to protect your job, reputation, and your children’s futures.