Preventing Cybersecurity Pain in Health
A comprehensive guide to health privacy has been released by the Australian Government to help curb the mounting number of data breaches in our health sector.
Over the past three years, health service providers have consistently been one of the top three sources of privacy complaints to the Office of the Australian Information Commissioner (OAIC).
The health sector has also been the leading source of notifiable data breaches since mandatory notification started last year.
The OAIC says it expects health service providers to be familiar with their privacy obligations, and to take all reasonable steps to protect the personal information they hold.
These obligations cover any organisation which provides a health service and holds health information, from doctors, dentists and private hospitals to allied health professionals, pharmacists, childcare centres and gyms.
Despite the high black-market value of stolen patient records, healthcare organisations on average spend only half as much on cybersecurity as other industries.
The OAIC says it has a range of regulatory powers to hold organisations to account, including auditing privacy practices, determining complaints or awarding compensation.
The new health sector guide details an eight-step plan for better privacy practice by health professionals:
- Develop and implement a privacy management plan
- Develop clear lines of accountability for privacy management
- Create documented records of the types of personal information being held
- Understand health privacy obligations and have processes to meet these responsibilities
- Hold staff training sessions on privacy obligations
- Protect information being held
- Develop a data breach response plan
Think Technology Australia has designed and installed a range of secure network solutions to suit the different requirements of medical and dental practices in Queensland and New South Wales, which have proved effective in reducing the risk of cyber-attack and data breaches.