RACGP President-elect reaffirms commitment to stopping data breaches

Doug Hendrie

31/07/2018 9:45:41 AM

The RACGP has reiterated its commitment to ensuring general practice is able to fight the risk of data breaches.

RACGP President-elect Dr Harry Nespolon said the RACGP takes all data breaches, big and small, very seriously.
RACGP President-elect Dr Harry Nespolon said the RACGP takes all data breaches, big and small, very seriously.

RACGP President-elect Dr Harry Nespolon said GPs are the champions of data privacy within the healthcare sector.
‘As GPs we work with highly sensitive data every day, which is why it is so important that we take all possible steps to ensure its security,’ he told newsGP.
‘It is important that we remind all GPs and their fellow practice staff members to ensure all processes are properly in place and are constantly reviewed to ensure no patient has their data compromised by human error.’
The announcement comes as the second quarterly report by the Office of the Australian Information Commissioner (OAIC) found the health sector has been responsible for 49 of 242 notifiable data breaches (though it was specified that these notifications do not relate to My Health Record).
Nine of the breaches were theft of paper or data storage, and eight were online incidents.
The Notifiable Data Breaches laws came into effect in February this year.
Dr Nespolon said it is concerning that the health sector had the highest number of breaches this quarter.
‘The RACGP takes all data breaches, big and small, very seriously and urges anyone who feels they may have had data compromised in their practice to contact our member services centre to be connected with the right legal support,’ he said.
However, Dr Nespolon predicted the continued uptake of patient management systems with strong security credentials would lead to a reduction of data breaches.
‘We expect to see the number of patients who do have their information breached to drop,’ Dr Nespolon said.
‘It is not surprising that most reports do relate to health information, as this is seen by most people as their most important information.’ 
Dr Nespolon said that while the leading cause of breaches was human error, regulatory change – such as removing the preference for fax over email – would increase patient privacy.
‘Within general practices, everything possible is done to remove the chances of cyber-attacks or human error but, unfortunately, outdated systems can lead to an increased chance of human error,’ he said.
‘GPs are still expected in many parts of the health system to use fax and other outdated methods to send data, which comes with higher chances of human error than well-maintained client management databases.’
The RACGP has been a Privacy Awareness Week partner with the OAIC for four years, and will continue to work with the agency on ways to reduce data breaches through education and awareness of how to keep patient records without risking a breach.

GP resources
The RACGP has a number of resources to help GPs ensure the privacy of patient health information, including:

  • Privacy and managing health information in general practice
  • Privacy policy for general practices template
  • Patient privacy pamphlet template

cybersecurity data breaches Notifiable Data Breaches patient data privacy

Login to comment

Paul Waite   2/08/2018 9:08:46 AM

The RACGP computer standards are from 2013. A lot has changed in the cyber security industry over the past 5 years. The advice and approach needs a refresh.


 Security code