By Ashleigh McMillan
Optometrists who think patient data have been lost or compromised will need to notify affected patients and report the incident to the Privacy Commissioner, under new legislation.
The Privacy Amendment (Notifiable Data Breaches) Bill 2016 passed through the Australian Senate on 13 February. It states that in cases where there has been a data breach, practitioners must provide a statement to the Privacy Commissioner which describes the kind of information that was disclosed and how the data breach occurred.
Optometrists will also need to notify each patient who is affected by the data breach. A ‘data breach’ can apply to both information which has been hacked or stolen, as well as patient data which are accidentally disclosed or lost in circumstances which could be accessed by someone else.
Failure to notify may result in fines of up to $360,000 for individuals and $1.8 million for corporations.
National Professional Services Manager Luke Arundel says this is another important reason for optometrists to make sure that their IT systems, software and security processes are up to date, protected and being appropriately monitored.
‘The Ponemon Institute listed in its 2016 Sixth Annual Benchmark Study on Privacy and Security of Healthcare Data that criminal attacks are the leading cause for half of all data breaches in healthcare. Of particular interest to criminals are the unique identifiers such as Medicare numbers, names, date of birth and billing information,’ he said.
‘Practice staff errors, third party problems and stolen computer devices make up the other half of data breaches, with the latter an important point to consider as break-ins at optometry practices appear to be increasing,’ Mr Arundel said.
Optometrists and other health practitioners across all Australian states and territories must comply with Commonwealth Privacy Act 1988 which contains the Australian Privacy Principals (APPs). These 13 APPs outline how the personal information of patients can be used and managed.
Optometry Australia has developed extensive resources to assist you in complying with the changes to privacy legislation introduced in 2014. The resources include a privacy check-list and clinical practice guides on accessing patient health records.