‘I did access these records, harmlessly I felt.’


e-privacy

A NSW health professional inappropriately accessed 35 people’s medical records, some in the context of the “enormous pressure and stress of a messy family law court”

The NSW Civil and Administrative Tribunal has heard the case of a registered nurse who snooped in medical records.

It was alleged that between January and August 2019, while working in a hospital intensive care unit, the nurse inappropriately accessed her own medical records as well as those of 34 other persons, including family members involved in family court legal proceedings.

She had been criminally sanctioned for accessing the records of the family members.

It was also alleged that the nurse failed to appropriately notify the Nursing and Midwifery Board of Australia of her criminal sanction. 

The records had been held on an electronic database maintained by the Health District in which the hospital was located, with access to the records protected by a password.

In August 2019, the Health District received complaints alleging that she had accessed several people’s records without authorisation.

When the Health District investigated, it found she had accessed the records “for use and personal gain in external family court legal proceedings”.

Six of the people whose records the nurse looked at were either related to, or associated with, her partner, now husband, including two former partners of his, and his three children, as well as the husband himself.

Another 27 people appeared to have had no association with the nurse, nor were they patients of the ICU or in her care.

She also inappropriately accessed her own record.

She was fired and the Health District told NSW Police and the Independent Commission Against Corruption about its findings.

She pleaded guilty to one rolled-up charge relating to a sequence of 11 incidents of unauthorised access, relating to the family members. The Local Court then made a conditional release order.

While she was convicted, a later appeal quashed her conviction where the District Court made a conditional release order for 12 months.

The nurse did not face charges relating to accessing her own health records, or those of the non-family members she accessed.

In September 2019, when notified of the complaints about her actions, she emailed the Health District acknowledging that her behaviour was “unacceptable”.

“I did access these records, harmlessly I felt and was just looking at them, but never did I use them for my own personal gain, nor for legal proceedings,” she wrote.

“Anything that has been provided for external legal proceedings have been supplied by my partner with medical letters, receipts etc. he had put away from years ago.

“The records accessed were my partner’s children I had checked birth dates and that they weren’t in hospital, on authorisation of my partner.”

In s150 proceedings she acknowledged that she was breaking the law, but denied accessing the health records so that the information contained in those could be used in Family Court proceedings.

She “claimed that she accessed the records of her husband’s children as a spur of the moment thing which she was ‘pushed’ to do out of concern when one of the children failed to arrive for an access visit,” the Tribunal noted.

“She stated that her behaviour was ‘inexcusable’ but at the time ‘with the enormous pressure and stress of a messy family law court I felt I had no option’.”

As for the 27 non-family members whose records she accessed, at least six had never presented to the hospital where the nurse worked, and three had never presented at any NSW health facility.

One was admitted to the hospital in 2013, four had presented to the Emergency Department only in the time the nurse was employed at the hospital, and one died the day before the nurse looked at their records.

In the email to the Health District, the nurse wrote that she was “sincerely apologetic, disgusted and distraught by my actions” in snooping in these people’s records.

“I have looked up numerous records (you have attached) during my course of employment with [the hospital] but they have always been to do with my employment as a Registered Nurse whether they were patients in ED, patients coming to us from OT, patients I would be looking after and or patients I had looked after and sent to the ward and checking they had made it to rehab or was still thriving on the ward and even the luck patients who skimmed through without needing an ICU admission except being booked,” she wrote.

“I value the care of each and every one of my patients.”

In a January 2021 letter she wrote that “as for the other patients I sincerely cannot remember back then when or why I looked them up, nor do I know any of those people listed, but I do admit that if it was on my CAP log in that I would assume I had done it, as I never really left my CAP log in signed in”.

“I know and can admit that I have looked up in the past people in E.D (emergency department) at the hospital I am working with awaiting admission to Intensive Care, retrievals we may be accepting, that I could be looking after or will be in the pod I was working in, theatre cases that may be attending Intensive Care.

“Whether you would class this as interest in patients’ and patient care needs or being too nosey, it was never done maliciously or for any reason and I understand the breech [sic] of privacy and inappropriate nature of doing so and this is not accepted behaviour to do.

“I never looked up anyone for any reason or to breech [sic] patient privacy or cause any harm or trust issues with the patients.”

She said that she had accessed her own health records because a medical practitioner had asked for further details about a pathology test she had undergone for a virus.

At the time of the Tribunal hearing the nurse was employed part-time at another hospital and practising with conditions on her registration.

“The evidence of multiple searches made over an extended period casts doubt on the reliability of [the nurse]’s claim that the sole reason she accessed the health records of family members was to check on the birth dates of the children and to check on the well-being of the child who failed to attend a planned access visit,” the Tribunal noted.

“…it is apparent that [she] accessed the health records of family members for the purpose of providing information contained in those records to her husband in the knowledge that it would be used by him in the Family Law proceedings.

“In addition, she admitted accessing information contained in her husband’s health records for use by him in a compensation claim.

“Whether, as the [Health Care Complaints] Commission contends, this can be characterised as being for ‘personal gain’ is beside the point. Her actions were ‘well meaning’ in the sense that at the time she considered it was necessary and appropriate to support her husband.

“However, her actions in accessing the information for a purpose unrelated to her duties as a nurse were nonetheless, as [the nurse] properly concedes, both improper and unethical.”

The Tribunal said that given no plausible explanation was given for accessing the health records of non-family members, it was left with a “sense of unease” as to whether it could happen again.

The Tribunal found the nurse guilty of unsatisfactory professional conduct and professional misconduct and cancelled her registration with a non-review period of six months.

It said the conduct was a very serious breach of her ethical obligations with respect to the use of health records.

The Tribunal also determined that the decision not take effect for 60 days due to the demand for intensive care nursing services during the COVID-19 pandemic.

Previous ‘We are mindful of … potential unintended consequences.’
Next QR codes could become ‘flashpoint for customer abuse’

NOTICE: It can sometimes take awhile for comment submissions to go through, please be patient.

2 Comments

  1. Jeff Lerner
    05/10/2021

    The report above states: “She also inappropriately accessed her own record.”
    Can someone explain why this is considered inappropriate?

    • Jarrod McMaugh
      07/10/2021

      Because she accessed it utilising the credentials of her employer, rather than via her own personal access credentials.

Leave a reply