Quote
Call centre managers were aware of the behaviour but did not do anything to stop it, and one manager was even a member of the Snapchat group.
Several of the images posted to the Snapchat group, and seen by RNZ, poked fun at people who had injured themselves while drunk or intoxicated by drugs.
In one, an employee mocked a claimant who was hurt after taking "200 ampules of nitrous at a party". They posted the details with a silly face emoji and the comment: "Girl really went all out".
The whistleblower said privacy training for call centre staff was inadequate despite all of them having access to sensitive claims information.
Contrary to what many believed there were no special measures to protect medical records belonging to sensitive claims, and once the identity of the caller was verified, call centre staff could see all their claims and view all their medical records, they said.
"All we have to do is go into the documents tab and literally everything is sitting in there. And if we wanted to click on every individual one, and just open it up, there's no passwords to get into.
"We're told to ask for their full name, including middle name, their date of birth, their address on file, and their phone number and then that's security done."
Colleagues' behaviour and the general lack of security had put the employee off lodging their own sensitive claim, because they knew how easily staff could access the information.
"All of my providers that I've been talking to, therapists and things, they say, you know, it's confidential information. But I work for ACC, so I know it's not."
Several of the images posted to the Snapchat group, and seen by RNZ, poked fun at people who had injured themselves while drunk or intoxicated by drugs.
In one, an employee mocked a claimant who was hurt after taking "200 ampules of nitrous at a party". They posted the details with a silly face emoji and the comment: "Girl really went all out".
The whistleblower said privacy training for call centre staff was inadequate despite all of them having access to sensitive claims information.
Contrary to what many believed there were no special measures to protect medical records belonging to sensitive claims, and once the identity of the caller was verified, call centre staff could see all their claims and view all their medical records, they said.
"All we have to do is go into the documents tab and literally everything is sitting in there. And if we wanted to click on every individual one, and just open it up, there's no passwords to get into.
"We're told to ask for their full name, including middle name, their date of birth, their address on file, and their phone number and then that's security done."
Colleagues' behaviour and the general lack of security had put the employee off lodging their own sensitive claim, because they knew how easily staff could access the information.
"All of my providers that I've been talking to, therapists and things, they say, you know, it's confidential information. But I work for ACC, so I know it's not."
https://www.newshub....ter:newshub-now