To mark Privacy Awareness Week, the RACGP is reminding practices to review policies and procedures to make sure health data is secure.
Health service providers have consistently reported the most data breaches of all sectors since 2018.
The health sector remains the highest-reporting industry for data breaches, with health service providers notifying 83 data breaches during the period July–Dec 2021 – making up 18% of the 464 total breaches.
This data comes from the latest Office of the Australian Information Commissioner (OAIC) Notifiable Data Breaches (NDB) report. It confirms that health service providers and the finance industry have consistently reported the most data breaches of all industry sectors since the NDB scheme began in 2018.
For this year’s Privacy Awareness Week (2–8 May), the RACGP is again supporting the OAIC to raise awareness and remind general practices how to minimise the risks of data breaches and data security attacks.
According to the college, maintaining privacy is one of the key principles of delivering safe, high-quality healthcare, and practices are advised to have robust policies and procedures in place.
Dr Rob Hosking, Chair of the RACGP Expert Committee – Practice Technology and Management (REC–PTM), said that although privacy is ‘something most GPs are very much aware of’, practices remain at risk.
‘Breaches are usually inadvertent and due to a breakdown in processes,’ Dr Hosking told newsGP.
‘With increasing digitisation and automation of our services the risks of breaches keep increasing.’
Although now considered somewhat of an ‘old risk’, Dr Hosking said written referrals may still present a problem if the GP does not check with the patient whether they want all their data included in every referral.
A computer-generated referral may automatically include data the patient does not want other people to know about.
‘This may result in a breach by providing the patient with an unsealed paper referral or email that is then visible to other family members if it is left lying around,’ Dr Hosking explained.
‘Or it could be the patient feels it’s inappropriate that [for example,] a podiatrist referral includes all of their past sexual health history – such as terminations of pregnancy, sexually transmitted diseases, erectile dysfunction – or mental health history and medications taken for these conditions.
‘Of course, this information may be appropriate in a referral to a specialist dealing in a related area of the patient’s health.’
With some practices recently impacted by floods, Dr Hosking is concerned about the implications of lost patient data, which could be considered a potential breach of privacy.
He recommends reducing the risks by either using a cloud-based system or a daily back-up, with the backed-up data removed from the practice every day.
In addition to the RACGP’s suite of privacy resources available for GPs and practices, the OAIC’s Guide to health privacy is designed to help health service providers understand their obligations under the Privacy Act 1988, and ‘embed good privacy in their practice’.
Dr Hosking said the college resources provide advice around common ‘sensitive areas’ such as providing patient data to third parties, and he reminds GPs to use an individual approach when asking patients for data.
‘There are great safeguards that can be used within our computer systems to prevent [patient data breaches], such as preferences in recording patient past history, or using encrypted secure messaging systems or password-protected emails,’ he said.
‘It still requires GPs to consider the sensitivity of what they are writing and the means of providing this information. Almost every case will be different, and a brief discussion may be required.’
Likewise, uploading data to the My Health Record is best done in consultation with a patient, particularly if it appears there is potentially sensitive data on a computer record, Dr Hosking said.
In the July–Dec 2021 period, the health sector reported an equal number of breaches resulting from malicious or criminal attack and human error (47% each).
Malicious or criminal attacks remain the leading source of all breaches for all sectors, accounting for 256 notifications (55% of the total), in the six-month period. Data breaches resulting from human error accounted for 190 notifications (41% of the total).
The focus of Privacy Awareness Week 2022 is to establish and strengthen a ‘foundation of trust’ to protect privacy.
OAIC Privacy Commissioner Angelene Falk recently said it is ‘essential’ that organisations use best practice to minimise data breaches and, when they do occur, put individuals at the centre of their response to build trust.
‘A key objective of the [NDB] scheme is to protect individuals by enabling them to respond quickly to a data breach to minimise the risk of harm,’ Commissioner Falk said.
‘Delays in assessment and notification reduce the opportunities for an individual to take steps to protect themselves from harm.’
Dr Hosking reminds GPs that practice staff should be supported in being aware of any potential risks.
‘It’s also important that our support staff are aware of potential security issues before they send or provide data to a patient,’ he said.
‘Even a family member attending the practice to collect a prescription on behalf of the patient is a potential privacy breach – we had a complaint about this in our practice and developed methods to avoid this issue.
‘The new eScript system can be a [potential] risk, as we may inadvertently send an eScript to the wrong phone number or email address.
‘While it is much more convenient to use this new system, it is good practice to check the phone number or email you are planning to use before sending.’
In addition to the RACGP’s suite of privacy resources, the Using email in general practice fact sheet has also been recently updated as a useful tool for GPs.