The ACC mixed up the records of two people and used the medical notes of one to decide how much compensation the other – a survivor of sexual abuse – should receive.
By Anusha Bradley for rnz.co.nz
Sarah* discovered the error last month after requesting a copy of her file and a digital fingerprint of her sensitive request, after suspecting her own privacy had been breached.
Instead, her request led to the violation of someone else’s privacy. Sarah was given her own file and among the documents was the 2018 disability assessment report written by an ACC psychiatrist used to determine the level of financial compensation she received from the agency.
“It was the first time I had seen him…and I was crying in frustration because there was so much she had [the psychiatrist] got it wrong,” Sarah said.
She quickly discovered the reason for the errors: medical notes belonging to another ACC client with a similar name to hers had been attached to the report and appeared to have been used to inform the psychiatrist’s report.
Sarah immediately alerted ACC to the error. “I asked them to shred this report because it contains so many untruths. I was told they could not destroy it, but I could attach a statement to the report correcting the wrong parts.”
“I said [to ACC]”How many people do you know who call for a privacy breach, and when they finally send you the information you want, you have a huge privacy breach attached to your case?”
“It’s crazy,” she said.
In a statement, the ACC acknowledged errors were made in Sarah’s medical records. “We can confirm that another customer’s five pages of information were mistakenly uploaded to [Sarah’s] file. We have contacted the customer to let them know this has happened,” ACC Customer Recovery Manager Phil Riley said.
“We regret the distress that the inaccuracies in [Sarah’s] report have caused. Supplier [the psychiatrist] is currently overseas and we will engage with her to discuss issues upon her return. In the meantime, we have offered [Sarah] a statement of correction to the report.”
Sarah said she didn’t feel like re-reading the assessment looking for errors because it was so upsetting. “I just can’t bring myself to go through this again.”
She was also concerned that she had not been asked to sign for two courier packages containing her files – and the notes of the other VAC client – even though VAC had requested that the delivery be signed for. “The first package was dropped off in my neighbour’s mailbox. The second has just been delivered to me,” she says.
The ACC acknowledged that the courier did not follow its own protocols.
“In both cases the courier did not meet our expectations. We have written to our courier company and will meet with them to discuss how we can ensure this does not happen again.”
The digital fingerprint of Sarah’s sensitive claims file showed it had been accessed once in the past two years, by an ACC employee reviewing a rehab program Sarah had attended.
The employee’s name was originally withheld, despite the inclusion of other employee names, until Sarah requested that the name be released.
Sarah felt her privacy had been violated because the ACC had not asked permission to open her file, but the agency said access was “warranted”.
“This type of analysis is part of our responsibility under ACC law and we are satisfied that access to your complaint was both lawful and appropriate and for legitimate business purposes.”
Sarah said the whole episode was “very painful” and that she would like the ACC to officially apologize for the mistakes he made.
*Name has been changed.
**This story originally stated that the psychiatrist’s report was completed ten years ago when it was completed in 2018. It also stated that RNZ requested an interview with the ACC when he had asked the ACC questions in an email. Both of these errors have been corrected.