These proceedings concern a complaint that the applicant's privacy was breached by the respondent's staff members whilst she was a patient in hospital. The applicant alleges that she overheard hospital staff members discussing a variety of sensitive personal details about her, including her financial and health information and information about her family, over a period of three days when she was recovering from an operation. The respondent has investigated the applicant's complaint and its position is that the alleged conversations did not occur.
[2]
Background
On 20 March 2014, the applicant applied for internal review in respect of an alleged breach of her privacy by completing and submitting an application form. She identified the conduct she was complaining about as being the disclosure of her personal information to other persons and the failure to protect her personal information from being inappropriately accessed by someone else. On the form, she said that this had occurred between 11pm on 5 March 2014 and 6am on 6 March 2014.
The applicant's complaint relates to alleged conduct by staff of the respondent whilst the applicant was a patient at a hospital operated by the respondent ("the Hospital"). The applicant was, at the relevant time, also a staff member at the Hospital.
The applicant had an operation at the Hospital on 4 March 2014. She was transferred to a ward after the operation. I will refer to this ward, for convenience, as "the applicant's ward."
In her internal review application, the applicant stated that, on the night of 4 March 2014, she was woken by a loud female voice from the nurse station, mentioning the applicant's profession at the Hospital, saying that the applicant denied having Hepatitis B and saying "she needs to be quarantined." The applicant stated that the female voice also said: "We need to send her to sexual health." The applicant reported that she also heard a female voice saying "Why not give her immunoglobulin?" and a male voice replying "She has immunity."
The applicant stated in her internal review application that, on the night of 5 March 2014, she heard staff on the night shift talking loudly about her around the nurse station and the public area after 11pm. She says that heard them discuss information about her including information about:
1. the visa the applicant was granted when she came to Australia;
2. whether she had a criminal record;
3. the applicant's professional registration details;
4. her previous employment at another (named) hospital;
5. the applicant's ultrasound record;
6. her medical result with a named vascular surgeon;
7. the circumstances in which the applicant delivered a live baby at another hospital in 2001;
8. the applicant's religion;
9. the amount of money she paid to bring her parents to Australia;
10. her parents' visa application and reference to photographs of her parents;
11. her parents' health records;
12. her separation from her husband, identifying her husband by name;
13. details about her husband, including about his studies and his departure from Australia;
14. Centrelink payments to the applicant and details of payments into and out of her bank account, details of the sale of a property she owned, the amount of her home loan and the fact she had an investment property;
15. her previous residence in Blacktown;
16. a suggestion that the applicant and another patient could share the same blood pressure monitor because the applicant has Hepatitis B and the other patient has Hepatitis C; and
17. her being due for discharge in the morning and the staff members' intention to send her back to the community "for six-month monitoring".
The applicant's application for internal review also contained allegations that, on the night of 5 March 2014, searches concerning her were discussed by the Hospital's staff members. She said she heard a male voice telephoning another hospital to check whether she had done something wrong and whether she had a "bad record" there. She said she heard the man speaking to someone whose name she provided. The applicant also said she heard a male voice saying "we accessed to stafflink… That's her salary packaging" and heard a man, who she said had done an investigation on her, saying "I asked my daughter to search it as well. Three of us did search together."
The applicant then alleges in the complaint that she heard other conversations on "6/4/2014" (but the context suggests that the applicant intended to refer to 6 March 2014). She says she heard the husband of the patient in the bed next to her say to the patient, "The staff are talking about deregistering a" and then he named the applicant's occupation. She also said that she heard a male nurse, with a first name identified by her ("the Identified Male Nurse"), enquire about what happened to her and the female staff immediately told him "she had a hysterectomy."
At about 9am on the morning of 6 March 2014, the applicant asked to speak to the nurse in charge. As the nurse in charge was unavailable, the applicant made a complaint to the team leader about her alleged treatment and people talking about her, identifying that they had disclosed her status as a carrier of Hepatitis B. She did not make any other allegations about disclosures made by the staff members or searches carried out by them concerning her.
The internal review was conducted by Lynne Paine, the Director, Information Management and Organisational Performance, of the respondent. Ms Paine gave evidence in the proceedings. Her evidence as to the investigative steps she took during the course of the internal review is unchallenged, and the Tribunal accepts it.
Ms Paine discussed the applicant's complaint with her whilst conducting the internal review. The applicant told Ms Paine that she believed that the staff involved had accessed information about her held by Commonwealth government agencies and other private entities (such as her bank). She also alleged that staff had accessed "StaffLink," a database of the respondent, in order to find out about the applicant's salary packaging details.
Ms Paine decided to interview staff members who could provide relevant information. She identified the ward staff rostered on the ward in which the applicant was a patient during the evening and night shifts on 4 and 5 March 2014. For 5 March 2014, Ms Paine also identified the ward staff rostered on the adjacent ward for the night shift.
Ms Paine searched the Hospital's information systems to ascertain whether they indicated the presence of other staff members in the applicant's ward during the night of 5 March 2014 and found that the applicant's Cerner Powerchart electronic medical record ("Cerner eMR") indicated that it had been accessed by a nurse on that ward and by a resident medical officer in the early morning of 6 March 2014. Cerner eMR is a clinical database that holds patient demographic and clinical information, including documentation from hospital attendances and clinical pathology and radiology results.
Ms Paine also ascertained that there was a male nurse with the same first name as the Identified Male Nurse who was rostered on a different ward on the morning of 6 March 2014. She identified as relevant people to interview the team leader of the applicant's ward and the person who was the ward clerk on the morning of 6 March 2014.
In this way, Ms Paine identified 21 staff members as being potentially relevant to the internal review. She wrote to each of them, inviting them to attend an interview, and then interviewed each of them in recorded interviews. Her notes of the interviews and transcripts of those interviews are in evidence.
The eight staff members identified by Ms Paine as being on duty on the evening and night of 4 March 2014 generally told Ms Paine they could not recall the applicant or could only recall her name. Two remembered looking after a patient with the same occupation as the applicant. All said they had no recollection of having discussions or conversations regarding the applicant or her personal life. Two staff members told Ms Paine that handover occurred in a "back office" or where "no-one can hear."
The eight staff members identified by Ms Paine in relation to the alleged incident on 5 March 2014 all denied discussing the applicant's personal life or her family. Each of the staff members interviewed by Ms Paine concerning the incident on the morning of 6 March stated they were not involved in any discussions about the applicant at the time of the alleged incident, with the exception of the ward team leader. She recalled discussing the applicant at patient handover but could not recall "any discussion out of the norm." She also recalled receiving the applicant's complaint and discussing this with the nurse unit manager. The Identified Male Nurse had no recollection of visiting the applicant's ward or that she was a patient in that ward (although he knew who she was, having worked with her).
Ms Paine also reviewed the admission history for the applicant's ward and confirmed that there was a young female patient admitted to the applicant's ward at 4.55am on 6 March 2014 and discharged at 9.10am the same day. She rang the patient on 20 January 2015 and 21 January 2015, and left messages, but they were not returned.
As part of her conduct of the internal review, Ms Paine reviewed a number of electronic information systems used at the Hospital and the applicant's personnel file to ascertain whether the respondent held the information the subject of the applicant's internal review application, between 4 March 2014 and 6 March 2014. She found that the respondent did not hold that information, with the exception of information about:
1. the applicant's profession;
2. her Hepatitis B status;
3. whether she has a criminal record with the Australian federal police and the local police station;
4. the applicant's professional registration details;
5. the applicant's previous employment at another (named) hospital;
6. her ultrasound record;
7. her medical result with a named vascular surgeon;
8. the applicant's religion;
9. the applicant's delivery of a live baby at a named hospital in 2001;
10. that she used to live in Blacktown;
11. that she was due for discharge in the morning of 6 March 2014; and
12. that she had a hysterectomy.
Ms Paine found that the respondent has a record of the applicant's marital status as "never married" which contradicts the information the applicant claimed was communicated about her.
On 25 July 2014, Ms Paine sent a completed internal review report to the applicant. The internal review report noted that the applicant had identified that the following types of conduct described her complaint:
1. security or storage of her personal or health information;
2. use of her personal or health information; and
3. disclosure of her personal or health information.
The internal review report identified the information protection principles and health privacy principles (collectively, "privacy principles") relevant to her complaint were information protection principle 5 and health privacy principle 5 (in relation to retention and security), information protection principle 10 and health privacy principle 10 (in relation to use), and information protection principle 11 and health privacy principle 11 (in relation to disclosure).
Ms Paine characterised the applicant's complaints that staff had accessed her personal information in the database StaffLink and her salary packaging details, and that the respondent had failed to protect her personal information from being inappropriately accessed by someone else, as an alleged contravention of the security principles. She found that access to Stafflink and salary packaging information was restricted via username and password held by individual staff members, and that there was no evidence that the applicant's employee record or her salary packaging details had been inappropriately accessed.
The report found that the alleged privacy breaches were unable to be substantiated as there was insufficient evidence that the alleged conduct had occurred.
On 29 August 2014, the applicant applied to this Tribunal for a review of the respondent's conduct.
[3]
CONFIDENTIALITY ORDERS
Both parties applied for confidentiality orders at the hearing. The respondent sought orders protecting the names of staff members against whom the applicant had made allegations, since they were not parties to the proceedings and had not had an opportunity to answer those allegations. The applicant sought orders that her name be kept confidential and, at the Tribunal's suggestion, also sought orders that her profession or occupation be suppressed, as this might, in the circumstances of the case, reveal her identity.
I was satisfied that it was desirable to make the orders sought by the applicant pursuant to s 64(1)(a) and (c) of the Civil and Administrative Tribunal Act 2013 (NSW), by reason of the confidential nature of the applicant's identity in the context of privacy proceedings. I was also satisfied that it was desirable to make the orders sought by the respondent pursuant to the same provisions, by reason of the circumstance that serious allegations have been made by the applicant against members of the staff at the Hospital to which those staff members have not had an opportunity to respond.
Accordingly, I made orders by consent, prohibiting the disclosure of the applicant's name and the names of hospital staff members against whom she has made allegations, and prohibiting the publication of evidence and matters contained in documents lodged with the Tribunal, to the extent that this would reveal the applicant's name, the applicant's occupation or the names of hospital staff members against whom the applicant has made allegations.
[4]
RELEVANT LEGISLATION
The applicant's application for internal review raises concerns about the retention and security of her personal and health information, the unauthorised use of her personal and health information and the unauthorised disclosure of her personal and health information. The relevant provisions are as follows.
"Personal information" is defined in s 4(1) of the Privacy and Personal Information Protection Act 1998 (NSW) to mean "information or an opinion (including information or an opinion forming part of a database and whether or not recorded in a material form) about an individual whose identity is apparent or can reasonably be ascertained from the information or opinion." However, it does not include health information within the meaning of the Health Records and Information Privacy Act 2002 (NSW) (Privacy and Personal Information Protection Act, s 4A).
"Health information" is defined in s 6 of the Health Records and Information Privacy Act as follows:
"6 Definition of "health information"
In this Act, health information means:
(a) personal information that is information or an opinion about:
(i) the physical or mental health or a disability (at any time) of an individual, or
(ii) an individual's express wishes about the future provision of health services to him or her, or
(iii) a health service provided, or to be provided, to an individual, or
(b) other personal information collected to provide, or in providing, a health service, or
(c) other personal information about an individual collected in connection with the donation, or intended donation, of an individual's body parts, organs or body substances, or
(d) other personal information that is genetic information about an individual arising from a health service provided to the individual in a form that is or could be predictive of the health (at any time) of the individual or of a genetic relative of the individual, or
(e) healthcare identifiers,
but does not include health information, or a class of health information or health information contained in a class of documents, that is prescribed as exempt health information for the purposes of this Act generally or for the purposes of specified provisions of this Act."
Section 4(4) of the Privacy and Personal Information Protection Act provides for the circumstances in which personal information is held by an agency as follows:
"(4) For the purposes of this Act, personal information is held by a public sector agency if:
(a) the agency is in possession or control of the information, or
(b) the information is in the possession or control of a person employed or engaged by the agency in the course of such employment or engagement, or
(c) the information is contained in a State record in respect of which the agency is responsible under the State Records Act 1998."
Section 9 of the Health Records and Information Privacy Act makes very similar provision in respect of the holding of health information. It provides:
"9 What constitutes "holding" information
For the purposes of this Act, health information is held by an organisation if:
(a) the organisation is in possession or control of the information (whether or not the information is contained in a document that is outside New South Wales), or
(b) the information is in the possession or control of a person employed or engaged by the organisation in the course of such employment or engagement, or
(c) in the case of a public sector agency - the information is contained in a State record in respect of which the agency is responsible under the State Records Act 1998."
Section 12(c) of the Privacy and Personal Information Protection Act (the security principle) provides:
"12 Retention and security of personal information
A public sector agency that holds personal information must ensure:
…
(c) that the information is protected, by taking such security safeguards as are reasonable in the circumstances, against loss, unauthorised access, use, modification or disclosure, and against all other misuse, …"
Section 17 of the Privacy and Personal Information Protection Act (the use principle) provides:
"17 Limits on use of personal information
A public sector agency that holds personal information must not use the information for a purpose other than that for which it was collected unless:
(a) the individual to whom the information relates has consented to the use of the information for that other purpose, or
(b) the other purpose for which the information is used is directly related to the purpose for which the information was collected, or
(c) the use of the information for that other purpose is necessary to prevent or lessen a serious and imminent threat to the life or health of the individual to whom the information relates or of another person."
Section 18(1) of the Privacy and Personal Information Protection Act (the disclosure principle) provides:
"18 Limits on disclosure of personal information
(1) A public sector agency that holds personal information must not disclose the information to a person (other than the individual to whom the information relates) or other body, whether or not such other person or body is a public sector agency, unless:
(a) the disclosure is directly related to the purpose for which the information was collected, and the agency disclosing the information has no reason to believe that the individual concerned would object to the disclosure, or
(b) the individual concerned is reasonably likely to have been aware, or has been made aware in accordance with section 10, that information of that kind is usually disclosed to that other person or body, or
(c) the agency believes on reasonable grounds that the disclosure is necessary to prevent or lessen a serious and imminent threat to the life or health of the individual concerned or another person."
Health privacy principle 5(c), in cl 5(c) of Sch 1 to the Health Records and Information Privacy Act, provides:
"5 Retention and security
(1) An organisation that holds health information must ensure that:
…
(c) the information is protected, by taking such security safeguards as are reasonable in the circumstances, against loss, unauthorised access, use, modification or disclosure, and against all other misuse, …"
Health privacy principle 10 (the "use principle"), in cl 10(1) of Sch 1 to the Health Records and Information Privacy Act, provides that "[a]n organisation that holds health information must not use the information for a purpose (a secondary purpose) other than the purpose (the primary purpose) for which it was collected unless" certain exceptions apply.
Health privacy principle 11 (the "disclosure principle"), in cl 11(1) of Sch 1 to the Health Records and Information Privacy Act, provides that "[a]n organisation that holds health information must not disclose the information for a purpose (a secondary purpose) other than the purpose (the primary purpose) for which it was collected unless" specified exceptions apply.
[5]
SCOPE OF COMPLAINT
On the internal review application form, the applicant identifies the conduct of which she is complaining as having occurred between 11pm on 5 March 2014 and 6am on 6 March 2014. However, it is clear from her detailed description of the alleged conduct of which she is complaining, which is annexed to the internal review application form, that the alleged conduct occurred over a longer period, between 4 March 2014 and about 10.30am on 6 March 2014. When asked about this discrepancy by the internal review officer, Ms Paine, she said she would like the conduct in this broader period considered, and Ms Paine did consider it. Accordingly, this conduct may be reviewed by the Tribunal (see Privacy and Personal Information Protection Act, ss 53(1) and 55(1); ALZ v WorkCover NSW [2015] NSWCATAP 138 at [62]-[63]).
[6]
PERSONAL OR HEALTH INFORMATION?
The respondent does not dispute that the information the subject of the applicant's internal review application was information or an opinion about her, or that her identity could reasonably be ascertained from the information or opinion.
Some of the information the subject of the complaint is the applicant's health information because it is personal information that is information or an opinion about her physical health or a health service provided to her within s 6(a) of the Health Records and Information Privacy Act, such as information about her ultrasound record, the fact that she had a hysterectomy and her Hepatitis B status.
As was recognised in the internal review, some of the information the subject of the complaint is the applicant's health information because it is personal information collected to provide a health service within s 6(b) of the Health Records and Information Privacy Act.
The remainder of the information the subject of her complaint is "personal information" within the meaning of the Privacy and Personal Information Protection Act.
Ultimately, it has not been necessary to determine which information is personal information and which is health information. It has been sufficient for the purposes of determining this application to recognise that the information in question is a combination of personal and health information.
[7]
Was the information held by the respondent?
As indicated above, Ms Paine conducted searches of the respondent's information systems (both paper and electronic) to determine whether the respondent held the information the subject of the applicant's application between 4 March 2014 and 6 March 2014. Ms Paine explained that there were some information systems to which she did not have access in relation to the applicant's information, and she also explained the categories of information which these systems contained. One of the systems to which she did not have access included salary packaging information.
I am satisfied from Ms Paine's evidence that the only personal or health information of the applicant which the respondent holds, and which is the subject of the applicant's complaint, is that identified by Ms Paine and set out above at paragraph 19, and information about the applicant's salary packaging (to which Ms Paine does not have access). An agency does not hold information by virtue of it being in the mind of an employee or agent of the agency: Vice-Chancellor, Macquarie University v FM [2005] NSWCA 192 at [28].
The privacy principles of relevance to these proceedings apply to an agency "that holds personal information." Accordingly, the Tribunal may only review the alleged conduct of the respondent in relation to the information held by it, as identified above.
[8]
Whether alleged INCIDENTs occurred
The applicant gave sworn evidence in the Tribunal to the effect that the conversations and events the subject of her internal review application occurred. She also detailed her claims about what occurred in a document filed with the Tribunal prior to the hearing, containing both evidence and submissions. For convenience, I will refer to this document as the applicant's Statement.
The respondent relies upon the evidence of Ms Paine and the Nurse Unit Manager of the applicant's ward in support of its position that those events and conversations did not occur. The respondent tendered transcripts of Ms Paine's interviews with staff members, but did not call any of those staff members as witnesses.
In support of the respondent's primary submission that the Tribunal should not be satisfied that the alleged discussions occurred, Ms Morris, for the respondent, contends that the applicant has changed her account of the discussions and events since she made her initial complaint, that the applicant's clinical notes do not support her story and that it is inherently implausible that the alleged discussions occurred. Ms Morris accepted that the applicant believes that the events occurred as she described them and, to that extent, does not challenge the applicant's credibility.
[9]
Whether applicant imagined events or suffered from confusion
In cross examination, the applicant denied that she was confused about what happened between 4 and 6 March 2014, or that she had imagined it. The respondent did not submit that she had imagined the events or was otherwise confused about them, but this appears to be implicit in the respondent's submission that they did not occur, and the respondent's acceptance that the applicant believes they occurred.
[10]
Change of story
Ms Morris submits that the applicant's story has changed since she lodged her internal review application, and that this is a factor which points towards her account of the events of 4 March 2014 to 6 March 2014 not being reliable.
In the applicant's Statement, she makes allegations about matters which she overheard which are not contained in her internal review application and provides greater detail about the events she had previously outlined. For example, the applicant identifies by name the female nurse she claims to have heard speaking loudly on 4 March 2014 in the Statement. Ms Morris points out that the applicant named the female nurse only after Ms Paine had filed a statement naming the nurse.
The Statement also contains more information about the circumstances in which the applicant claims that the Identified Male Nurse was told that the applicant had a hysterectomy. She alleges in the Statement that a female nurse, whose first name the applicant provides, was there at the time and that the Identified Male Nurse said to a female nurse that the applicant had recently made a professional error (the nature of which is identified).
Another new allegation in the Statement is that, on the night of 5 March 2014, the applicant heard the printing of lots of paper from the printer and a male voice saying "print them out. 12 (9?) inch (centimetre?) long." There are other new matters mentioned in the Statement which I have not set out here.
The applicant also provided new information at the hearing about what she said happened whilst she was in hospital. She said she had heard staff members say that she was the first one operated on in the operating theatre, and heard them mention the name of the applicant's boss. The applicant said that one of the people who spoke about her had said that the applicant needed to compensate the person who had an operation after her because the applicant had Hepatitis B and was responsible for contaminating other patients.
The applicant provided other details of the alleged conversation at the hearing, including talk about her scan results regarding fibroids she had had, and a statement that the staff members thought she carried a "flawed ID". She said that she had also heard them talking about the goods her ex-husband took through Customs, including Sheridan linen.
In response to the respondent's submission that her story had changed, the applicant said that it had not changed, she had just provided more information.
I accept the respondent's submission that the additional details, provided by the applicant after the making of the internal review application, support the respondent's contention that the alleged events did not occur. It would be expected that the applicant would have mentioned in her internal review application hearing the sound of the printer, the alleged conversation about her ex-husband taking Sheridan linen through customs and the alleged conversation about the applicant needing to compensate other patients for contamination, if these events had occurred as alleged. This casts doubt not only on these added details, but also upon the reliability of the applicant's original account of events.
[11]
Clinical notes
The clinical notes made about the applicant whilst she was a patient at the Hospital between 4 and 6 March 2014 are in evidence. The respondent submits that there is nothing in the applicant's contemporaneous progress notes for the nights of 4 and 5 March 2014 to support her allegations.
The Tribunal has reviewed the applicant's progress notes for the night of 4 March 2014. They record that, at 12.40am on 5 March 2014, she requested that her indwelling catheter or "IDC" be removed because it was uncomfortable. They also record, on the morning of 6 March 2014 at 4.50am that she was "seen to sleep most of night." There is no record of the applicant making any complaint until 10.20am on 6 March 2014, where it is recorded that she said "she overheard conversation overnight" and that staff were speaking about her Hepatitis B status and her occupation. Another entry at 11.20am on the same day records that the applicant felt she had been discriminated against because of her Hepatitis B status.
Ms Morris submits that the medical records do not support the breadth of allegations now made. She said that the allegations were not made until the morning of 6 March 2014. One would expect, in the respondent's submission, that the applicant would have provided more detail about the alleged conversations when she made the complaint on 6 March 2014, had they occurred. For example, one would expect her to have referred to the discussion about her bank account details and her ex-husband, whereas she only referred to the alleged discussion of her Hepatitis B status and her occupation.
Under cross examination, the applicant explained that she had not complained about the conversations she had overheard at the time, because she felt very embarrassed and scared. She said that the entry which described her as sleeping was incorrect. She had just closed her eyes and was not asleep. In response to a question about whether she had told the team leader the details of what she had heard when she made a complaint on 6 March 2014, the applicant said she did not because the team leader was not the Nurse Unit Manager and she wanted to tell the Nurse Unit Manager.
The Tribunal accepts that the applicant's clinical notes up to the entry on 6 March 2014 at 10.20am provide no indication that the applicant heard the conversations she said she heard, or that she was troubled by them, at the time. The observation that she was seen to sleep most of the night, if it is correct, does not preclude the occurrence of the events the applicant describes, but makes such occurrence less likely. The Tribunal finds the applicant's explanation that she was awake with her eyes closed, not credible, given that the observer was a nurse and it is unlikely that the applicant would have just closed her eyes for the entire night. It also seems unlikely that the applicant would make a complaint on the night of 4-5 March 2014 about a physical problem, without mentioning the conversations she overheard (presuming they had occurred by then). The feelings of embarrassment and fear she testifies to having had may partially explain this, but such feelings did not prevent her complaining on the morning of the 6 March 2014. In this complaint, she mentioned the more embarrassing issue of her Hepatitis B status and did not mention other, less embarrassing issues.
I accept the respondent's submission that the complaint the applicant did make, on 6 March 2014, was much more limited in scope that the complaint expressed in the applicant's internal review application. I also accept that it would be expected that the applicant would have mentioned hearing staff members speak about a broader range of matters on the morning of 6 March 2014, or earlier, if she had in fact overheard the conversations she now maintains she did overhear.
On balance, the Tribunal's view is that evidence contained in the clinical notes supports the respondent's position that the events did not occur as alleged.
[12]
Implausibility of account
Ms Morris, for the respondent, submits that the implausibility of the events recounted by the applicant provides another reason why the Tribunal should not be satisfied that the alleged discussions occurred.
She submitted that it was implausible that numerous members of the respondent's staff would conspire to undertake a detailed investigation into the applicant's personal and professional life, as well as the lives of members of her family, and discuss the results of this investigation in the applicant's proximity whilst she was a patient at the Hospital. She submitted that this was neither supported by the detailed internal review investigation undertaken by Ms Paine, including interviews with 21 staff members, nor the applicant's contemporaneous medical record.
In relation to the conversations alleged to have occurred on the night of 5 March 2014, the respondent submits that it is improbable that 5-6 staff members would discuss, outside the applicant's room, a detailed investigation undertaken by at least one of them addressing the applicant's migration status, criminal record, professional status, employment history, medical records, religion, bank account details, parents' personal details, separated husband's personal details and other personal details of the applicant. The respondent submits that it is also improbable that the applicant would be able to specify the detailed information discussed, the gender of the speaker, and that one of the staff members was reading her ATO statement, two weeks after the alleged incident, even though the alleged incident occurred at night, when the applicant was in hospital recovering from an operation.
In her interview with Ms Paine, the applicant confirmed that she believed the staff involved had accessed personal information of hers held by a professional registration board, the Commonwealth Department of Immigration, the Commonwealth Department of Human Services and her bank and had also checked whether she had a criminal record with the Australian Federal Police.
At the hearing, Ms Morris asked the applicant how the staff members could have got access to her information. The applicant said that a man who was there, who was not a staff member, gave the staff members information about her parents. She said he could have been in the security area.
The respondent also relies upon the interviews conducted by Ms Paine in which none of the staff members said they recalled any discussion of the applicant's personal details, other than possibility the mention of her occupation. Ms Morris referred to Ms Paine's interview with the nurse who the applicant alleges had on a loud conversation on the night of 4 March 2014. Ms Morris pointed out that the nurse had said she would only discuss a patient's care requirements, not a patient's personal details. Further, Ms Morris relies upon evidence given by Ms Hammond, the Nurse Unit Manager of the applicant's ward, that she has never witnessed the nurse in question being inappropriate in her comments.
Ms Morris said that, if the Tribunal was left in a state of uncertainty as to whether the events occurred, it was required to find that the events did not occur, and relied for this proposition on KP v Narrandera Shire Council [2011] NSWADTAP 14 at [31].
The applicant submitted, in relation to the allegation that her account was implausible, that she could only say what she heard. She said the amount of detail she was able to provide suggested it was the truth. She queried the reliability of the evidence of staff members who said they could not recall the alleged conversations or who denied involvement.
I accept the respondent's submission that it is more likely than not that the discussions the subject of the applicant's application did not occur, due to the implausibility of the events described. It would have been extremely difficult for anyone to obtain the applicant's personal details from Commonwealth government departments or entities and a bank, all of which are bound by privacy legislation. The applicant's explanation that someone who was possibly from security was present at the time and gave information about her parents to staff members was only made at the hearing. It is vague in that she does not identify who this person was, how the person came to be there, why she did not mention him before, on what day and at what time he was in the ward and who he spoke to. There is also no explanation of how this unnamed person could have obtained the applicant's personal information. If such a person existed, one would have expected the applicant to mention him earlier.
As the respondent submits, it is also very unlikely that, if an individual had obtained the applicant's personal information, he or she would have discussed it loudly outside the applicant's ward. If this had occurred, it is implausible that no member of staff would have mentioned this to Ms Paine. The failure to mention such gross breaches of privacy is indicative of a conspiracy. Such a conspiracy is inherently unlikely and, apart from the applicant's evidence, the evidence does not support the existence of a conspiracy.
For these reasons, I find that it is more likely than not that the conversations attested to by the applicant did not occur.
[13]
Whether conduct would have contravened a privacy principle
Whilst it is not strictly necessary for me to do so, I have also considered whether any of the alleged conduct is conduct of the respondent which would contravene a privacy principle, if established, since this was the subject of submissions.
[14]
Disclosure
A disclosure involves the provision of information to someone outside the agency: Department of Education and Communities v VK [2011] NSWADTAP 61 at [21]. There is no evidence that anyone outside the agency overheard or was made aware of the discussions said to have occurred in the middle of the night on 4 and 5 March 2014. The possibility that someone, such as a patient, could have overheard the discussions is not sufficient for the Tribunal to make a finding of a contravention of a disclosure principle: see AIF v The University of Western Sydney [2013] NSWADT 20 at [14] and [19]. The allegation that the applicant heard another patient's husband say that the staff were talking about deregistering a person of the applicant's profession would not, if established, amount to a disclosure of the applicant's personal or health information, because the applicant's identity is not ascertainable from that information. Any communication made to the Identified Male Nurse is not a disclosure, because it is a communication within the agency. Accordingly, I am not satisfied that, if the discussions occurred as alleged, there was in fact any disclosure of the applicant's personal or health information.
[15]
Whether conduct attributable to respondent
I am satisfied that the staff members' alleged conduct in discussing the applicant's personal and health information, and their alleged conduct in inappropriately accessing the applicant's information on the respondent's databases, was not authorised by the respondent and was not for a purpose of the respondent. As the respondent submitted, to the extent that the information in question was held by the respondent, its access, use and disclosure was for a purpose extraneous to any purpose of the respondent, and is therefore not conduct of the respondent: see Director General, Department of Education and Training v MT (2006) 67 NSWLR 237 at 247 [43].
Further, there was no evidence that the respondent's security safeguards for protecting information were inadequate.
Accordingly, even if the applicant could establish that the conduct occurred as alleged, I would not find that the respondent had contravened a privacy principle.
[16]
OUTCOME AND ORDERS
For the reasons given above, I am not satisfied that the respondent contravened a health privacy principle or an information protection principle.
The Tribunal accordingly decides, pursuant to s 55(2) of the Privacy and Personal Information Protection Act, not to take any action on the matter.
I hereby certify that this is a true and accurate record of the reasons for decision of the Civil and Administrative Tribunal of New South Wales.
Registrar
DISCLAIMER - Every effort has been made to comply with suppression orders or statutory provisions prohibiting publication that may apply to this judgment or decision. The onus remains on any person using material in the judgment or decision to ensure that the intended use of that material does not breach any such order or provision. Further enquiries may be directed to the Registry of the Court or Tribunal in which it was generated.
Decision last updated: 07 September 2015