There is a widespread and systematic problem of ACC staff having inadequate access to the files of survivors of sexual abuse, advocates say.
One defender believed her own privacy had been violated some 30 times by ACC staff clicking on her file, simply because she was representing a claimant they were handling.
Advocates’ concerns arise after RNZ reported yesterday that an Auckland man who was disabled by an accident discovered that dozens of ACC staff members had agreed to a previously sensitive claim he opened for child sexual abuse. It had been accessed hundreds of times since the claim was closed.
An ACC investigator had also accessed a confidential claim file belonging to the man’s wife, who acted as his advocate. The couple only made the discoveries after requesting fingerprints from ACC.
ACC has said that all accesses to the couple’s confidential claims files were justified.
It was a scenario that was “unfortunately quite common,” said victim advocate Ruth Money. “It is a total violation of privacy.”
Money said he was not surprised that ACC said the 350 hits on the man’s file were justified.
“In my experience, this is ACC’s alternative to saying it’s for a legitimate reason … and they point to an administrative reason like an address verification or a refund. That’s absolute nonsense. They don’t need to be delving into your sensitive claim. , or any claim, for that reason, “he said.
Money recommended that each customer request a fingerprint to verify who was accessing their information. If the information they received was concerning, he urged them to raise it with ACC and the Privacy Commissioner.
Greater security and more restrictions are needed on sensitive claims, he said. She believed inappropriate access had worsened since ACC dismantled the Wellington-based Sensitive Claims Unit in September last year in favor of handling some claims by teams of people spread over eight different locations.
“So when you call for a sensitive claim, you could be dealing with anyone. So they have had to open their system so that people can access things, which is just abhorrent and is a total violation,” Money said.
“We are not talking about a broken ankle or back pain here. We are talking about really personal, intricate and traumatic details that are sitting in that system about their sexual abuse.”
ACC told MPs last month that their privacy controls had not changed with the introduction of the new complaint management system.
ACC consultancy Fiona Radford said that some 20 clients she advocates for had requested fingerprints and found what they believed to be inappropriate access to their sensitive claims by ACC staff.
She believed that her own privacy had also been violated some 30 times by ACC due to her advocacy work. In a recent example, fingerprints showed that an ACC case manager from a client he had advocated for 18 months earlier had entered his file.
“I was really angry, I think it was inappropriate after 18 months of not dealing with a particular complaint.”
He said ACC told him that the access was legitimate, but that he disagreed and was in the process of filing a complaint with the Privacy Commissioner.
She believed that employee browsing of ACC files was widespread.
Last month, ACC unionized staff expressed “their displeasure with the level of access they have to sensitive complaints” in a survey by the Public Services Association. In response, ACC Acting Executive Director Mike Tully told RNZ that he was unaware of those concerns, but staff working in call centers, claims, payments, and clinical advisers had access to confidential claim information to help the claimant.
ACC Green Party spokesperson Jan Logie said she was “appalled” by ACC’s response to concerns about how it handles confidential claims information.
“Advocates, ACC staff and abuse survivors have said that there is a problem with the way ACC handles confidential information. [ACC] he doubled down on the fact that this is a normal and perfectly acceptable matter, when the proof of whether it is is the experience of the survivors. “
“ACC’s refusal to see things from their perspective only undermines that confidence before they even get close. They have to do better.”
He called for stricter restrictions to ensure that confidential information can only be viewed by ACC staff directly involved in the management or treatment of a client.
ACC declined to speak to RNZ, but said in a statement that it “trusts that confidential claims information is handled with due diligence and respect.”
“Unless an ACC employee is involved in handling a claim, under no circumstances is it legitimate for ACC staff to access a claim file belonging to a client advocate. Any staff member who does so would be in breach the ACC Code of Conduct “.
ACC did not respond to RNZ’s questions about whether staff access to personal files belonging to a client ombudsman was considered acceptable.
ACC said that staff were required to adhere to its Code of Conduct, which sets out expectations that employees maintain the highest standards of integrity, discretion and ethical conduct in the performance of their duties.
“This includes not accessing claims information that is not necessary for them to perform their role. All staff and contractors must also act in accordance with the ACC Claimants ‘Rights Code, which covers claimants’ rights. to have your privacy respected. “
ACC said it had not received any complaints about improper staff access to confidential claims files in the past 12 months.
RNZ has seen a complaint filed by Radford to ACC in June about staff access to its files.
RNZ reported yesterday that two sensitive plaintiffs, known as Matthew and Kate, had also filed complaints in the past 12 months about inappropriate access to their information. Both were fired by the agency.
RNZ has asked the ACC for further clarification.
The Privacy Commission declined to comment on individual cases, but told RNZ that it received 19 complaints about ACC in 2020/21, although none were for “employee searches” of files and none related to confidential claims.