One person has been fired and another faced disciplinary action after privacy breaches at Tauranga and Whakatane hospitals, new figures show.

The figures, released to the Bay of Plenty Times under the Official Information Act, reveal there has been 10 reports of privacy breaches involving a Bay of Plenty District Health Board staff member so far this year, compared to a total of five last year.

In 2014 there were 13 cases, including one which resulted in a verbal warning. In 2015, one breach resulted in a disciplinary penalty and someone being fired.

Of this year's complaints, three were investigated and no breach was found; in two cases staff involved were spoken to; in another two staff were spoken to and required to take online privacy training; and another three remain active.


District health board quality and patient safety manager Debbie Brown said the person who lost their job accessed and used patients' information in an employment dispute with the district health board.

''Patient privacy is at the core of what we do here at the DHB and that is why any potential breach is thoroughly investigated and any appropriate follow-up action taken swiftly.''

Ms Brown said the most common cause behind breaches was staff accessing patient records without a work-related need to do so, or patient information being left where it could potentially be viewed by unauthorised people.

A privacy officer oversaw and investigated all privacy breaches.

Ms Brown said the number of this year's cases reflected the board's low tolerance to privacy breaches.

Social media certainly has increased the risk of privacy breaches, without a doubt.


''No patient privacy breach is acceptable but when put into the context of the DHB employing over 3000 staff and the huge number of essential patient information transactions in any given day the number of breaches is small.''

In 2012, a staff member was sacked after accessing the private files of 48 patients, former patients and fellow staff members over a four-year period.

Privacy Commission spokesman Sam Grover said health organisations made up about 15 per cent of complaints each year and of this district health boards ''are a significant proportion ... simply because of their much larger patient load than GP's offices or midwifery practises''.

''For a business or DHB, regular privacy breaches erode trust,'' Mr Grover said.

''If people don't trust the agencies they work with they will be reluctant to engage with these organisations. This can create a major problem for DHBs in particular, as people will be more reluctant to share necessary health information - which makes for riskier medical procedures.''

Mr Grover said most breaches involved human error or carelessness and while some were relatively minor, others were extremely traumatic and had far-reaching consequences for the victim.

Mr Grover said the accidental release of a patient list of names and addresses might be inconsequential for some people but terrifying for someone like a victim of domestic violence who might be deliberately hiding.

''It all depends on the individuals circumstances. Since agencies can't possibly know all of their customers' specific circumstances, they need to provide a reasonable level of privacy protection to all of them,'' he said.

Work is currently underway to overhaul the New Zealand Privacy Act.

Mr Grover said the Commission was supportive of the reform ''as it will give us a clearer picture of how many breaches are going unreported at the moment, and enable us to focus efforts on the sectors that most need it''.

''There's a good chance that some privacy breaches are going unreported.''

New Zealand Nursing Organisation's Paul Matthews said social media in the workplace had become a problem in recent years.

''Social media certainly has increased the risk of privacy breaches, without a doubt. It's something we work quite closely with the DHB on. We've provided a significant amount of guidance to our members.''

Mr Matthews said overall the district health board policies around privacy were robust and very clear.

Public Service Association national secretary Erin Polaczuk said it could not comment other than to say its members took their privacy obligations very seriously.

The Ministry of Health and Minister of Health both declined to comment, directing questions to the district health board.