Digital and beyond: Protecting patient privacy in general practice

Amanda Lyons

14/05/2018 2:45:23 PM

Practices need to be mindful of potential for ‘real world’ data breaches, as well as those in the digital space.

Healthcare privacy concerns are not exclusively digital; some conversations at the reception desk, for example, can represent potential privacy concerns within a general practice.
Healthcare privacy concerns are not exclusively digital; some conversations at the reception desk, for example, can represent potential privacy concerns within a general practice.

Dr Rob Hosking, GP and Deputy Chair of the RACGP Expert Committee – eHealth and Practice Systems, wants to help practices keep patients’ personal information safe, whether online, over the phone, face-to-face, or anywhere else.

According to Dr Hosking, the fact GPs have access to patients’ personal information bestows a very serious responsibility.
‘We are the custodians of large amounts of very sensitive information people have given us in the course of our consultations,’ he told newsGP.
‘I suppose you could say it’s the secular equivalent of the priest, or like lawyer–client confidentiality –  a very sacred area to work in.’
This week marks Privacy Awareness Week (13–19 May), an annual event run by the Office of the Australian Information Commissioner to raise awareness of protecting personal information. This issue bears emphasis in the wake of scandals such as the Facebook data breach or, even closer to home, the breach of Commonwealth Bank’s information affecting almost 20 million customer accounts.
Medical data can be perhaps even more sensitive than financial data for many, and the consequences of a breach can be grave, from the public release of potentially embarrassing information to the threat of identity theft. However, Dr Hosking believes general practice is fairly ahead of the curve in regards to digital privacy protection.
‘General practice has stayed up to date – proving that a practice protects patient privacy is part of accreditation,’ Dr Hosking said.
‘There is certainly great concern about electronic information getting lost. Once it’s breached, it can be sent very widely to a very large audience, so we have to be particularly mindful of that.
‘But [privacy protection] has been a long-term thing in general practice and it goes back to pre-computer days and paper-based records.’
In fact, Dr Hosking believes GPs should direct equal concern to privacy issues that occur in the ‘real world’ in addition to those inside digital systems.

‘There are multiple issues with privacy that aren’t just related to the storage of computerised health records,’ he said. ‘Even conversations held in the corridor rather than in consulting rooms have been a cause of concern in the past, or reception staff having loud voices and identifying patients on telephone calls.’
Nor is it just on-site interactions that can pose potential privacy issues. GPs and their practice staff should be mindful of privacy concerns over the phone, as well.
‘The reception staff at my practice often face a problem with ringing a patient and leaving a message. Who do they leave a message with?’ Dr Hosking said.
‘For example, if a mother answers the phone and the appointment is for the daughter to come and see the doctor the next day, it might be for something sensitive the daughter didn’t want her mother to know about.
‘Or the patient might have the mobile on hands-free while there’s a car full of relatives. So there are lots of concerns every time you ring somebody that you could breach their privacy inadvertently.’
Dr Hosking believes the solutions to such issues must be taken into account during the formation of practice policies and overarching philosophies.
‘It has to be a general consideration of the culture of the practice to be aware of patient privacy,’ he said.
‘For example, GPs moving into a consulting room to have those conversations about patients’ cases rather than the hallway. Or leaving computers with the screen locked when you leave the room so patients cannot see the previous patients’ records, and having screens not visible at the front desk by patients when they check in and check out.
‘There are all sorts of physical issues that go well beyond the consideration of what everybody thinks of as, “We have to prevent information from getting hacked”.’
The RACGP is a partner of Privacy Awareness Week and provides a suite of resources to help inform and guide GPs implement effective processes for the protection of patient privacy in their practices, including the recently released Information security in general practice.

data-breaches eHealth Office-of-the-Australian-information-commissioner Privacy-awareness-week

newsGP weekly poll What area of medicine do you find most difficult to stay across the changing clinical evidence?

newsGP weekly poll What area of medicine do you find most difficult to stay across the changing clinical evidence?



Login to comment

edward   15/05/2018 8:21:40 AM

At the present moment, even the big company get hack, what was the best anti virus software that is good and I don't think there is any anti virus software can be fool proof. there will be competition from the hacker / anti virus all the time.

In terms security, The government should roll out or choose the best program for the practice to use. So there will a standard practice. Simply talking without proper action is not helpful.

Anon   15/05/2018 12:50:31 PM

Australian GP healthcare system patient records/ communications need a complete overhaul, and data security should be part of that review. As an ex UK GP I'm shocked at the poor record keeping and health record updates, and lack of awareness of confidentiality by Drs and staff. Communication systems by fax are outdated and where is the security in that. No secure email system ( eg ) that could be useful as a universal communication system for use by healthcare providers / GP/ Hospitals. Letters regularly never arrive affecting patient care. Where is the clinical governance ?? !!