Response to: Snooping welfare staff sacked - From: The Australian - August 23, 2006
Privacy breaches can be reduced by:
- Defined policy on confidentiality
- Confidentiality as part of Code of Conduct
- Severe outcome from breaches of confidentiality
- Security access built into EDMS
- Security access linked to legislation
- Professional Records and Information Manager in charge of the records continuum
- Monitoring of access to corporate memory through electronic and manual audit trails
Not a unique case:
The Australian Privacy Foundation expressed concern over the Electronic Health Record (EHR) trials that were to start in March 2006 in NSW. From my readings their major concerns related to the public trusting the system and that the system needed to ensure the privacy and security issues had been properly addressed.
They identified some specific privacy issues with any shared EHR system:
- "the system by which patients can access their own records has poor security, so that the wrong people may easily gain access to patient records by posing as the patient (e.g. through guessing passwords, phishing, intercepting mail or email, or stealing token "keys")
- the system has poor online security, so that the wrong people may gain access to patient records by hacking into the database
- someone "inside" the system accesses patients' records for inappropriate reasons (e.g. to find out their ex-girlfriend's new address)
- a clinician allowed to see patient records then uses or discloses the information for an unauthorised purpose (e.g. selling patient records to a pharmaceutical company)
- the very existence of a consolidated health record will lead a patient's employer or insurance company to demand a copy of the full record from the patient, before they get the job or insurance cover"
http://www.privacy.org.au/Campaigns/E_Health_Record/HealthElink.html
Andrew Hayne, Deputy Director Policy with the Office of the Privacy Commissioner, presented a paper to the Consumer Health Forum – Electronic Health Records Consumer Representatives Meeting on 4th April 2006, stating that some of the key privacy issues for electronic health records are:
- Oversight
- Law and regulation
- Consumer control
- Secondary uses and
- Private sector involvement
In relation to data security he identified 3 specific issues:
- During transmission – the risk of interception and/or misdirection
- Internal access protocols – who has access, and is it limited to those who have a need to know?
- Data storage – are the information systems safe from hacking and/or inappropriate access?
http://www.privacy.gov.au/news/speeches/2006-04_OPC_CHF_presentation_on_ehealth/
The Privacy Commissioner, Karen Curtis, released a press release on the 23rd August 2006 wherein she stated that Australian Government agencies need to ensure they are meeting their obligations under the Privacy Act. Specifically she stated these agencies need to "meet their obligations under the Privacy Act to protect individual's personal information." The full press release is here.
24 August 2006
Kemal Hasandedic
FRMA National President
Phone: 0438732220
Fax: 07 3210 1313
president@rmaa.com.au