Commercial data company Medworq has collected complete medical records from general practitioners for years, reports Follow the Money (FTM). This seriously violates the privacy of at least 72,000 patients and the medical professional secrecy of at least 35 general practitioners. The doctors and patients knew nothing about it.
According to FTM, Medworq kept the data unanonymized for years in unsafe places. A whistleblower raised the privacy violation internally and externally. When that didn’t work, he decided to take the medical records and internal documents with him.
The files contain very privacy-sensitive data. The names, social security numbers and address details are linked to physical ailments, but also serious personal problems such as domestic and sexual violence, and psychological complaints.
Patients are informed by doctor
Medworq collected the files to test medical dashboard software. These dashboards allowed GPs to identify and track patients. The software system was built on behalf of pharmaceutical company GlaxoSmithKline. Medworq tells FTM that the files will be destroyed around 2020.
Medworq denies that GlaxoSmithKline had access to patient data. However, internal documents show the opposite, says Follow the Money. GlaxoSmithKline does not deny this when asked.
FTM has approached the affected general practitioners and provided a fact sheet and further information with which they can report to the Dutch Data Protection Authority. It has been agreed that GPs inform their patients themselves.
Consciously maintained data breach
Medworq has reported to FTM that it has made a report to the Dutch Data Protection Authority (AP). It would also have reported the theft to the police. The company says the employee took the files because of a labor dispute. The employee left at the end of 2019, with a departure arrangement.
The AP cannot comment to FTM whether a report has indeed been received from Medworq. Medworq states that the affected general practices were immediately informed after the ex-employee had taken the files.
FTM says that inquiries have shown that this is not true: not a single GP or practice has been informed about the leak. Internal documents would show that Medworq had previously deliberately left a data breach in general practitioners.
–
