A doctor's office disclosed a patient's childhood abuse when a letter was sent to the person's neighbour accidentally.
The incident happened when the patient told their GP about past abuse, who referred them on to counselling to help work through issues stemming from that abuse.
The GP's office followed up the referral by sending a letter to the patient's house.
The envelope did not have the patient's name on it, or a return address.
It also had the incorrect street number, and went to a neighbour's house instead of the patient's house.
Not knowing who the letter was for or who it was from, the neighbour opened the letter, accidentally finding out about the patient's abuse history.
The patient complained to the Privacy Commissioner, who found breaches under rules 5, 8 and 11 of the Health Information Privacy Code 1994.
The rules breached were with regards to secure process, confirming the correct personal information is used and unauthorised disclosure.
The patient sought and was compensated for emotional harm and formally apologised to by their doctor's practice.
The practice also agreed to change certain processes to prevent the same privacy breach from happening again, such as putting a return address on all letters.