Principal Kellie Dell’Oro and Solicitor Jeremy Smith of Meridian Lawyers have penned advice to PDL members in the organisation’s latest practice alert…
It is trite advice to Australian health practitioners to say that they must exercise caution when dealing with their patients’ sensitive health information. However, even the most cautious practitioner or organisation can fall victim to an inadvertent breach of patient privacy.
Accidents happen, and Meridian Lawyers frequently receives requests for assistance from practitioners or organisations who have unintentionally disclosed or lost sensitive health information about one of their patients. The error could be as simple as sending an email with attachments to the wrong email address or including health records on a USB intended for the wrong patient.
In late February 2020, the Office of the Australian Information Commissioner (the OAIC) reported that health service providers nationally had notified the OAIC of 117 separate data breach incidents involving sensitive health information over a 6-month period.
Each of these data breaches was required to be notified because effective remedial action had not been taken in time, potentially resulting in serious harm to the individuals involved.
Cyber-attacks and physical theft of medical records made up a large portion of the data breaches. These may be difficult for individual practitioners to prevent. However, just under half of the incidents were the result of human error.
Most frequently, health service providers sent the information to the wrong email, accidentally released or published sensitive health information, or lost physical files or devices containing medical records. These incidents can and should be prevented.