ACC call center workers shared details of people’s injuries and poked fun at them on Snapchat, RNZ can reveal.
The group of more than a dozen employees working at ACC’s Hamilton contact center took photos of customer injury descriptions displayed on their work screens and posted them to a private Snapchat group called ” ACC Whores “.
One image included the name, contact details and injury sustained by an athlete who has represented New Zealand on the world stage. Another detailed the injuries of a sensitive plaintiff who ended up in the hospital after they attempted to end his life.
“It’s really disgusting to be honest. They thought it was funny, but it’s a privacy violation,” a member of the Snapchat group told RNZ.
They decided to speak up after RNZ reported that complainants and advocates were concerned about the way the agency was handling confidential information and ACC responded with assurances.
“When I read ACC’s comments that it takes privacy seriously, I knew I had to do something.”
Earlier this month, RNZ reported the case of a man who was horrified to discover that more than 90 ACC employees had accessed an old confidential claim file more than 350 times since it was closed. The man believed his privacy and rights had been violated, but ACC said each login was justified.
The call center whistleblower said unethical access to claimants’ medical records was widespread among her colleagues. Staff routinely entered files they didn’t need, despite being told not to, the employee said.
Contact center staff frequently read personal medical information about claimants despite being “warned not to do so during training” and no one verified whether the rules were followed.
“I know a lot of people who do it and they’ve never been in trouble.”
Call center managers were aware of the behavior but did nothing to stop it, and one manager was even a member of the Snapchat group.
Several of the images posted on the Snapchat group, and seen by RNZ, mocked people who had hurt themselves while drunk or intoxicated on drugs.
In one, an employee taunted a claimant who was injured after taking “200 vials of nitrous at a party.” They posted the details with a goofy face emoji and the comment, “The girl really did her best.”
The whistleblower said that privacy training for call center staff was inadequate even though they all had access to confidential claim information.
Contrary to what many believed, there were no special measures to protect medical records pertaining to confidential claims, and once the identity of the caller was verified, the call center staff could view all of their claims and see all their medical records, they said.
“All we have to do is go to the documents tab and literally everything is there. And if we wanted to click on each one and just open it, there are no passwords to enter.
“We are told to ask for your full name, including your middle name, your date of birth, your address on file, and your phone number, and that’s security.”
The behavior of colleagues and the general lack of security had discouraged the employee from submitting their own confidential claim, because they knew how easily staff could access the information.
“All my providers that I’ve been talking to, therapists and other things, they say, you know, it’s confidential information. But I work for ACC, so I know it’s not.”
They believed that some staff members were also acting unethically. “Someone on my team that I work with from time to time looks on Facebook for the people they talk to … just curious, they think they have a good voice.”
The ACC Code of Conduct says that employees must “take all reasonable steps to protect the privacy of our customers” and “be responsible for the security and confidentiality of all information they handle during their employment with ACC.”
Misuse or sharing of customer information is considered a serious offense, the Code says.
Acting ACC Executive Director Mike Tully said he was “deeply disappointed” by the situation.
“This behavior is not tolerated at all at ACC. Since we were informed, we moved quickly, removed 12 staff members and began an immediate investigation into this matter.”
The internal investigation would determine if more personnel were involved and if more plaintiffs, besides the athlete, had had their privacy violated, Tully said.
The athlete, whose name, email and injuries were shared, was contacted.
“Naturally, they were surprised and asked us some questions. We have been able to answer them and we shared with the person what was revealed and they are satisfied with our response to date.”
It admitted that the athlete’s privacy had been stranded and employees who shared the claimants’ injuries violated the agency’s Code of Conduct. As part of the investigation, ACC was working to identify the plaintiffs whose injuries, but not names, were shared by the Snapchat group.
Tully did not believe the behavior was widespread among ACC employees.
“I am not aware of that. It is deeply upsetting that a small number of our staff discredit our organization.”
Access to sensitive claims
The Snapchat privacy breach comes as ACC Minister Carmel Sepuloni revealed that 1,414 agency employees had access to tens of thousands of confidential claims files.
The figure was revealed in response to parliamentary written questions from ACT MP Brooke van Velden.
“I am advised that access to confidential claims is provided only to ACC personnel who absolutely require it to complete the functions of their role,” Sepuloni said.
“ACC actively handles approximately 27,000 confidential claims each year, and this number continues to increase as demand for support increases. It is critical that ACC has sufficient properly trained staff with access to the appropriate information available to manage all aspects of claiming a survivor in order to provide them with the support they need.
“I am confident that ACC takes the privacy of the information it holds very seriously and that all information provided to ACC by customers and suppliers is handled with care and respect,” Sepuloni said.
“ACC is working to determine if it needs to change or improve its systems and processes regarding access to confidential claims information. The way ACC collects, secures, uses and shares information is governed by the Privacy Act and the Privacy Code. of Health Information “.
Access to confidential claims files should be severely restricted to a small number of staff, van Velden said.
“I don’t see how more than 1400 people in ACC need access to information that provides ongoing trauma to people who have approached the Sensitive Claims Unit. A smaller group of people will find it much easier to maintain information from the people in private. “
She said the “despicable” behavior of call center staff sharing private and confidential information with each other is proof that change is needed. “There can be no good reason why so many people need access to that information.”