ACC mixed up files of two people with similar names
ACC mixed up the files of two people and sent the medical notes of one to the other.
Sarah*, a sexual abuse survivor, discovered the mistake last month after requesting a copy of her case file and a digital footprint of her sensitive claim, after suspecting her own privacy had been breached.
Instead, her request led to someone else's privacy being breached. Sarah was sent her own case file and among the documents was the 2018 incapacity assessment report written by an ACC psychiatrist and used to determine the level of financial compensation she received from the agency.
"It was the first time I'd ever seen it… and I was crying in frustration because there were so many things she'd [the psychiatrist] got wrong," Sarah said.
She soon discovered a further error: Medical notes belonging to another ACC client with a name similar to hers had been attached to the report.
Sarah immediately alerted ACC to the mistake. "I asked them to shred this report because it contains so many untruths. I was told they couldn't destroy it, but I could attach a statement to the report correcting the parts that were wrong."
"I said [to ACC], 'how many people do you know that ring up about a privacy breach, and when they eventually send you the information you want, you've got a huge privacy breach attached to your file?'
"It's insane," she said.
In a statement, ACC acknowledged mistakes had been made with Sarah's medical records. "We can confirm that the five pages of another client's information were uploaded in error to [Sarah's] file. We have contacted the client to advise them that this has occurred," ACC head of client recovery Phil Riley said.
"We regret the distress that the inaccuracies in [Sarah's] report have caused. The provider [the psychiatrist] is currently overseas and we will be engaging with her to discuss the issues when she returns. In the meantime, we have offered [Sarah] a statement of correction to the report."
Sarah said she did not feel up to reading through the assessment again to look for mistakes because it was so upsetting. "I just can't bring myself to go through it again yet."
She was also concerned she wasn't asked to sign for two courier parcels containing her files - and the notes of the other ACC client - even though ACC had requested the delivery was signed for. "The first parcel was left on my neighbour's letterbox. The second was just handed to me," she said.
ACC acknowledged the courier did not follow its own protocols.
"In these two instances the courier has fallen well short of our expectations. We have written to our courier company and we will be meeting with them to discuss how we can ensure this does not happen again."
The digital footprint of Sarah's sensitive claim file showed it had been accessed once in the last two years, by an ACC employee reviewing a rehabilitation programme Sarah had taken part in.
The employee's name was originally blacked out, until Sarah requested the name be released.
Sarah felt her privacy had been breached because ACC had not asked permission to open her file, but the agency said the access was "justified".
"This type of analysis is part of our responsibility under ACC legislation and we are satisfied the access to your claim was both lawful and appropriate and for a legitimate business purpose."
Sarah said the whole episode had been "very distressing" and she would like ACC to formally apologise for the mistakes it had made.
*Name has been changed.
**This story originally said that the second ACC client's notes were used to decide how much compensation Sarah received. ACC says this is not the case and RNZ apologises for the error. The story also said the report was completed a decade ago, when it was completed in 2018, that RNZ had requested an interview with ACC when it had put questions to ACC in an email, and that one ACC staff member's name was redacted but others weren't, when all ACC staff names were initially redacted. These errors have been corrected.