Blogs

Gone with the Wind – Ensuring medical record security

11 May 2016

by Dr Sara Bird

Hand reaches toward a filing cabinet with PRIVACY written in bold

Two recent reports in the media which caught my attention highlight the importance of ensuring the security of medical records.

1. Medical records of at least a dozen patients were found blowing around a local park. The records had reportedly been stolen from a local general practice which was relocating premises.

2. A patient was contacted by a stranger who informed him that he had found a copy of the patient’s hospital records on a street near the hospital. A hospital investigation revealed that the records had been copied by an intern as part of his end of term assessment, and inadvertently lost.

MDA National commonly hears about:

theft or loss of computers, mobile phones and removable storage devices which contain medical records, especially where there is no password protection
theft of medical records from a car, where the records were being used for home visits
inadequate storage or disposal of paper-based records.

The Office of the Australian Information Commissioner (OAIC) has a range of enforcement powers for privacy breaches

Aside from the impact on patients, and the reputational damage for organisations, these types of privacy breaches can be investigated and prosecuted by the OAIC. Potential penalties include:

payment of financial compensation, or an apology
penalty orders of up to $340,000 for individuals and up to $1.7 million for companies.

There are government plans to introduce a mandatory data breach notification scheme

Although legislation has not yet been passed, the OAIC recommends that all medical practices and organisations have a response plan that includes notifying affected patients and the OAIC, especially if there is a risk of serious harm as a result of the data breach.

Four key steps to consider when responding to a breach:

Contain the breach and do a preliminary assessment
Evaluate the risks associated with the breach
Notification
Prevent future breaches.

This blog contains general information only. We recommend you contact your medical defence organisation or insurer when you require specific advice in relation to medico-legal matters.

Library

Gone with the Wind – Ensuring medical record security

Events

{{item.title}}

Protecting Your Provider Number: When Medicare comes knocking – Webinar Excerpt

Loss Leading to Learning: Strengthening teamwork in response to Jack and Dr Bawa–Garba’s case – Webinar Excerpt

DNA Deliberations: Tips for talking about direct-to-consumer tests – Webinar Excerpt

Intimate Examinations: Respect and Responsibility – Webinar Excerpt

Gone with the Wind – Ensuring medical record security

Events

{{item.title}}

Protecting Your Provider Number: When Medicare comes knocking – Webinar Excerpt

Loss Leading to Learning: Strengthening teamwork in response to Jack and Dr Bawa–Garba’s case – Webinar Excerpt

DNA Deliberations: Tips for talking about direct-to-consumer tests – Webinar Excerpt

Intimate Examinations: Respect and Responsibility – Webinar Excerpt

Blogs

Are you oversharing on social media?

Blogs

My Health Record - are your policies up to date?

Blogs

Anaesthetic practice targeted by hackers

Stay connected

Subscribe to our medico-legal updates.