Guidelines for improving privacy practices in the health sector

Morgan Liotta

22/10/2019 3:54:44 PM

The OAIC has released a comprehensive new resource to provide advice for all health service providers covered by the Privacy Act 1988.

The new resource provides practical advice on meeting legal requirements and obtaining consent for the collection, use and disclosure of personal information.

The Guide to health privacy has been written specifically to help GPs, practice staff and other health service providers understand their obligations under the Privacy Act 1988 and entrench good privacy procedures in their practice.
This resource comes at an opportune time, given that health service providers have ‘consistently’ been among the top three sources of privacy complaints to the Office of the Australian Information Commissioner (OAIC) over the past three years, and the leading source of notifiable data breaches since mandatory notification started in February 2018.
Key steps outlined in the new guide are intended to help health service providers meet privacy obligations and protect patient data:

  • Develop and implement a privacy management plan and assign responsible person/s
  • Create a documented record of personal data the organisation handles
  • Understand privacy obligations and implement processes to meet them, including staff training sessions
  • Create a privacy policy and data breach response plan
Dr Penny Burns, GP and RACGP Expert Committee – Practice Technology and Management (REC–PTM) member, recently told newsGP that implementing sound information security and data protection standards and procedures not only helps protect practices from breaches, but builds on the trust that patients have in their healthcare providers.
‘Strong policies and procedures are one of the cornerstones for data management,’ Dr Burns said. ‘[For example,] training staff on secure information handling and helping them understand why this is important.
‘Patients trust GPs and they trust them with very private data – GPs are not new to the need to keep this data private and safe from unauthorised access and, in general, have a high level of understanding of their responsibility in handling confidential patient data.’
Dr Steven Kaye, Deputy Chair of the REC–PTM, agrees. He recently spoke with newsGP about the importance of GPs and practice staff remaining vigilant in order to protect healthcare data, while also maintaining patient trust.
‘The patient information held within a typical general practice is extremely sensitive and can be exploited in a number of ways, whether personal, financial or professional,’ Dr Kaye said.
‘Healthcare practitioners are in a unique position in that patients trust us with some of their most private information,’ he said. ‘We have a duty of care to ensure that data is locked down and kept safe from those who would misuse it.
‘None of this is news to GPs – we have long been aware that we have a responsibility to keep patient data safe.’
The Guide to health privacy details guidelines on collection and consent of health information, and how to communicate with patients about privacy notices. A communications toolkit for healthcare organisations and a poster to print out for display are also included.
The RACGP also offers a suite of resources to assist general practices in data protection: