26 September 2023

Health privacy gets its own guide

The Office of the Australian Information Commissioner (OAIC) has released a new guide to health privacy to help keep patients’ personal information safe.

Announcing the guide, Australian Information Commissioner and Privacy Commissioner, Angelene Falk said that over the past three years health service providers had consistently been one of the top three sources of privacy complaints to the OAIC.

“They have also been the leading source of notifiable data breaches since mandatory notification started in February 2018,” Ms Falk said.

“The guide brings together a wide range of OAIC advice for all health service providers covered by the Privacy Act 1988.”

She expected all health service providers to be familiar with their privacy obligations and to take all reasonable steps to protect the personal information with which they were entrusted.

“This includes any organisation who provides a health service and holds health information, from a doctor or private hospital through to a dentist, gym or childcare centre,” Ms Falk said.

“Health information is considered to be some of the most personal information about an individual, and it must be handled responsibly and transparently.”

She said the guide featured an eight-step plan for better privacy practice, under which those holding personal health information should develop and implement privacy management plans; develop clear lines of accountability for privacy management; and create documented records of the types of personal information they handled.

They should also understand their privacy obligations and implement processes to meet those obligations; hold staff training sessions on privacy obligations; create a privacy policy; protect the information they held; and develop a data breach response plan.

Ms Falk said that where there were serious breaches of privacy, the OAIC had a range of regulatory powers to hold organisations to account, including auditing privacy practices, determining complaints or awarding compensation.

“We can also seek civil penalties through the Federal Court of up to $2.1 million per privacy breach,” she said.

The Commissioner’s 65-page guide can be accessed at this PS News link.
