Medicare has revealed multiple cases of patients’ claims data being uploaded to the wrong My Health Records
Medicare has revealed multiple cases of patients’ claims data being uploaded to the wrong My Health Records because of mix-ups over individuals with similar identifying information.
In the year to last June, Medicare discovered five cases of “intertwined” customer records arising from confusion over patient identity, a Department of Human Services spokesperson said.
“Intertwined Medicare records can occur as a result of human error. However, it is important to highlight that when considering the number of Medicare records that exist (in excess of 23 million), the occurrence of this error is very rare.”
The errors came to light in the annual report of the Office of the Australian Information Commissioner, which is responsible for mandatory data breach notifications.
During the year, the OAIC received another eight notifications involving fraudulent Medicare claims which had resulted in wrong data being uploaded to Medicare records and then flowing to My Health Records.
The eight notifications involved 86 separate data breaches, the OAIC said.
These cases were picked up through Medicare compliance checks.
“The department has a proactive strategy for identifying and resolving intertwined Medicare records and fraudulent claims. As we become aware of such cases, they are actioned immediately and affected My Health Records are corrected,” the spokesperson said.
The OAIC also received a data breach notification that arose from incorrect linkage of MyGov accounts, where a number of individuals were linked to other people’s electronic health records.
Separately, it recorded two notifications where My Health Records had been accessed by an unauthorised third party.
Dr Nathan Pinskier , Chair of the RACGP’s eHealth and Practice Systems Committee, said there had always been cases of Medicare fraud but it was unclear how the intertwined identity mix-ups had occurred.
“Our concern is about wrong information getting into people’s records, but it is good these breaches have been picked up,” he said.
However, one outstanding problem was that heavy fines for data breaches could stop private organisations from reporting errors, leaving them uncorrected.
“By and large the system works well, but there are always going to be some errors,” he said.
“We want to make sure in the private sector the penalties are not so onerous that people are deterred from reporting because it will be too much of a financial headache.”