Inquiry Initiated by the Privacy Commissioner
Canterbury District Health Board
Discovery of patient notes in an abandoned hospital building
Background to the Inquiry
On 18 May 2002, the Christchurch Press reported that confidential psychiatric records had been found in an abandoned Sunnyside Hospital building in Christchurch. As a result, the newspaper reported, an internal hospital inquiry had begun and the Privacy Commissioner and the Health and Disability Commissioner had been informed.
The Privacy Commissioner was advised that, in November 2001, an amateur photographer had broken into the abandoned building and had found records pertaining to patients at the old Sunnyside Hospital.
The woman found a 1989 duty diary which detailed events in the hospital, including deaths, suicides, assaults, escapes and treatment of patients. The diary named more than 100 patients from a large number of wards. The woman also found a number of patient information sheets which listed bank account numbers, social security numbers and next of kin. Typical excerpts from the diary include:
- (Patient) left ward via window. After a search was found on Wrights Rd overbridge about to jump. With difficulty was restrained and returned.
- (Patient) rocking, ruminating and remained resolved about her intentions to end her children's lives until 0200 hours when she fell asleep with assistance of medication.
The hospital demanded that the (stolen) files be returned.
Action Taken by Canterbury District Health Board
Vince Barry, General Manager of Mental Health Services advised that the building was supposed to have been cleared of documents when it closed in 2000. All other buildings were checked and no other documents were found.
Mr Barry apologised for what had occurred and reassured patients and their families that no patient files were among the documents returned to the hospital by the newspaper.
The DHB began an internal inquiry into the matter.
Canterbury DHB's Internal Inquiry
The documents had apparently been held by the finder for some months. The identity of the finder was not disclosed to the DHB so it was not possible to confirm where the diary had been found and, in particular, whether it had been found in the old Sunnyside hospital building. The DHB noted that there are numerous buildings on the Sunnyside (now Hillmorton) hospital site that have been decommissioned over the last few years.
The focus of the DHB's report was the process by which the building was decommissioned. This revealed that:
- The main Sunnyside building was vacated in October 2000.
- It previously housed a number of services which had been moved to more appropriate accommodation as the site was redeveloped.
- Large parts of the building were vacant at this time.
- A Project Manager supervised the move of the Administration department. Papers, documents and old furniture left in the building were cleared.
- The Facility Service Manager of Hillmorton Hospital reviewed any documents found.
- Documents not required for clinical purposes were disposed of via secure document destruction.
- The building was locked, windows were boarded and the perimeter was fenced.
- The site was signed to clearly indicate that persons entering would be trespassing.
- The buildings were maintained by building and maintenance services with frequent patrols being conducted by a contracted security company.
- Since then, there have been occasions when the old buildings have been broken into.
- As much of the building is regarded as unsafe, neither the police nor security patrols have entered the building.
- In each case where entry has been detected, Building and Maintenance Services have re-secured the access points.
Following the individual going to the newspaper, the General Manager, Mental Health Services requested a further search of the building. This search was conducted on 17 May 2002 and did not reveal any further sensitive documents remaining in the former Sunnyside hospital building.
The former hospital buildings are currently in the process of being demolished and it is anticipated that demolition work will be completed by February 2003.
Canterbury DHB has acknowledged that the incident has highlighted the need to ensure that reasonable safeguards are in place for the protection of health information. It has submitted that when the building was vacated, documents were removed and the building was then secured. Any information which was disclosed was as a result of illegal entry to the building and the theft of some documents. Canterbury DHB accepts that all patient information should have been removed.
The Privacy Act
The incident raises issues under Rule 5 of the Health Information Privacy Code. Rule 5 provides:
(1) A health agency that holds health information must ensure:
(a) that the information is protected, by such security safeguards as it is reasonable in the circumstances to take, against:
(ii) access, use, modification, or disclosure, except with the authority of the agency; and
(iii) other misuse;
(b) that if it is necessary for the information to be given to a person in connection with the provision of a service to the health agency, including any storing, processing, or destruction of the information, everything reasonably within the power of the health agency is done to prevent unauthorised use or unauthorised disclosure of the information; and
(c) that, where a document containing health information is not to be kept, the document is disposed of in a manner that preserves the privacy of the individual.
(2) This rule applies to health information obtained before or after the commencement of this code.
Under this rule, an agency is obliged to have in place systems to ensure that reasonable security safeguards are in place to protect information that it holds.
Notwithstanding that a search of the building was conducted when it was vacated, the building was secured and documents were removed, it appears that the process was not adequate to ensure the protection of health information. Indeed, it appears that some documents remained in the building, and it was not sufficiently secured to prevent illegal entry and theft of some sensitive information.
In order to avoid the repetition of such an incident, the following decommissioning process will be implemented by the DHB:
- When vacating premises, all documentation, irrespective of source or content, should be removed;
- The relevant Service Manager should sign off that this has been done;
- Following the move, a person should be designated responsibility by the Site Redevelopment Manager via the relevant Project Manager for physically checking that clearance has occurred;
- The responsible person should retrieve any items that could be regarded as health or otherwise sensitive information; and
- The process should be signed off as being completed.
Having considered the information provided to me by the DHB, I am satisfied that the incident which is the subject of my Inquiry is an isolated one and that the DHB has taken appropriate steps to avoid its recurrence. In particular I note it has formalised a Decommissioning Process which it will use in the future when a site is vacated and records and documents need to be relocated. I consider it essential that such a process is followed.
I have brought this report to the attention of all District Health Boards and to the Private Hospitals Association so that they may adopt appropriate procedures for decommissioning of hospitals. I do not consider any further action on my part is necessary.
B H Slane