“The data company has been invading the privacy of tens of thousands of patients for years” –

Commercial data company Medworq has been collecting extensive medical records from general practitioners for years, reports Follow the Money (FTM). This seriously violates the privacy of at least 72,000 patients and the medical professional secrecy of at least 35 general practitioners. Doctors and patients knew nothing about it.

According to FTM, Medworq has been storing anonymous data in insecure locations for years. A whistleblower raised the privacy violation internally and externally. When that didn’t work, he decided to take the medical records and internal documents with him.

The files contain very privacy-sensitive data. Names, social security numbers and contact details are linked to physical conditions, but also to serious personal problems and psychological complaints, such as domestic and sexual violence.

Patients are informed by the doctor.

Medworq collected the files to test the medical dashboard software. These signs allowed GPs to identify and track patients. The software system was commissioned by the pharmaceutical company GlaxoSmithKline. Medworq informs FTM that the files will be destroyed around 2020.

Medworq denies that GlaxoSmithKline has access to patient data. But Follow the Money says the internal documentation shows the opposite. GlaxoSmithKline does not deny it when asked.

FTM has contacted the relevant general practitioners and provided them with a fact sheet and other information where they can report to the Dutch Data Protection Authority. It was agreed that GPs would inform their patients themselves.

Consciously maintained data breach

Medworq informs FTM that it has prepared a report to the Dutch Data Protection Authority (PA). He has learned that he has also reported the theft to the police. The company says the employee got the data because of a labor dispute. The employee left at the end of 2019 with a divorce agreement.

The AP cannot tell FTM whether a report has actually been received from Medworq. Medworq said the relevant medical practices were reported shortly after the former employee received the records.

Research by FTM shows that this is not true: not a single GP or practice has been informed of the leak. Internal documents would show that Medworq had previously deliberately leaked data from general practitioners.

Source: NOS

follow:
\