Australia has some of the most stringent patient privacy and confidentiality laws in the developed world. So, it stands to reason that any Australian healthcare firm, or company that deals with sensitive patient information as a third-party, must do as much as it can to keep that data as secure as it can.
In 1996, the United States passed a law that brings together a broad range of patient privacy and confidentiality rules in one neat package, called the American Health Insurance Portability and Accountability Act (HIPAA). It’s this law that other nations often turn to as a guide when drawing up their own guidelines – so what is the Australian equivalent?
Every health service in Australia is bound by the Privacy Act.
Just what is the Australian equivalent of HIPAA?
The Privacy Act 1988 is largely the Australian counterpart to HIPAA. As patient health data is easily one of the most sensitive kinds of personal information out there, the Privacy Act was partly designed to give further layers of protection to safeguard said data, amongst other material. In an example provided by the Australian government, any given company is required to obtain the consent of an individual before it can collect their health information. What’s more, each and every health service in Australia – no matter how large or small – is bound by the Privacy Act, further cementing patient confidentiality.
As such, anyone owning or operating a healthcare business in Australia needs to adhere to the rules and regulations set out by the Privacy Act. It’s enforceable legislation, meaning that it’s illegal for any affected party to opt out. With this in mind, it’s of paramount importance that healthcare organisations both understand the terms laid out by the Privacy Act, and vigorously enforce them.
Let’s take an in-depth look at the Privacy Act, what it covers, its regulations, and just why it’s vital that those that are required to comply, do so.
Why is it important to comply with this law?
Should your healthcare firm fail to comply with the Privacy Act 1988, you’ll be liable for a hefty fine – and we do mean hefty. Presently, the largest fine possible under the Privacy Act stands at a whopping $2.1 million. That’s the sort of fine that can make a serious dent in any company’s finances, so it’s well worth your while putting stringent privacy procedures in place to avoid such a fee.
It’s not just the threat of a fine that should convince you to put confidentiality security measures in place, however. The privacy of your patients should come before any financial motivation.
Who and what does the Privacy Act cover?
The Privacy Act not only covers a patient’s health issues, it also looks after a person’s private information – that is, any sort of data that could potentially identify said individual. This data includes, but is not limited to:
- Contact information
- Medical examination results
- Previous or ongoing prescriptions
- Minutes from patient-to-doctor conversations
- Medicare numbers
- Facility admission/discharge data
As you can see, the Privacy Act goes into some depth, and with all that information out there, it’s imperative that it’s kept under proverbial lock and key.
Common misconceptions of Australian medical confidentiality
So, what actually happens to a patient’s medical documents when talked about in a confidentiality sense? Largely, nothing – they remain secure from all prying eyes except for those that need legitimate access to them. Even so, there can come a time where exceptions can be made. According to the Medical Indemnity Protection Society (MIPS), patient data can be released to the relevant parties if:
- The patient is at serious risk, or they pose a risk to another person
- It forms part of approved research
- It’s in the best interests of society
- The law requires it
A complex situation arises if a patient admits to a serious crime during a confidential meeting with their doctor. For example, should a patient reveal that they have seriously assaulted a person but are yet to inform the police, or has no intention of doing so, their doctor has every right to take that information to the authorities. The MIPS clarifies this further by stating that it is an offence to knowingly conceal a serious indictable crime, even if bound by the Privacy Act. This is typically the only real reason that such a situation might take place. Here are a few common myths and misconceptions:
- Healthcare services can share sensitive health information with prospective employers – FALSE
The Privacy Act 1988 does not allow healthcare providers to disclose an individual’s health information to a potential employer, unless that person has given explicit, written consent. This is a common misconception, but one which we can confidently debunk.
- A doctor is not allowed to share specific medical records with another health professional – FALSE
They can, and don’t need a patient’s consent. However, healthcare professionals sharing a patient’s medical records do so for the good of the individual – for example, a doctor referring his or her patient’s records to a physiotherapist should a particularly nasty knee injury be brought to their attention. Only if the information is shared in a malicious manner is the transfer of records in violation of the Privacy Act.
- The Privacy Act only applies to physical, paper-based information – FALSE
The Privacy Act was first put together in 1988, when cloud-based computing and storage system were but a twinkle in a developer’s eye. Therefore, some believe that the Privacy Act refers only to physical, paper-based records, but that’s not the case. The Act is updated constantly to keep up with modern trends, and covers all patient records, no matter which medium they are stored on.
Even though a large proportion of medical data is now stored in the cloud, that doesn’t mean that physical, printed materials have fully taken a back seat. Indeed, such items as prescription labels and other medical documents can often be accidentally misplaced, stolen or fall into the wrong hands. This means that investing in secure printing systems is of paramount importance in ensuring that your healthcare facility meets the requirements of the Privacy Act.
Investing in secure printing systems is will help ensure that your healthcare facility meets the requirements of the Privacy Act.
Innovative, state-of-the-art printing solutions mean that errors will be minimised, time saved, and overall productivity improved. That’s because they feature full EMR interoperability, so sharing patient records, key care instructions and medication lists between health carers is an absolute cinch.
These days, modern healthcare facilities can utilise electronic medical records (EMRs) for fast, efficient care, which can be shared across a multitude of healthcare providers. As with all other kinds of confidential or sensitive documents, EMRs too need to comply with the Privacy Act. Here’s how we can do this.
How we can keep EMRs secure
Today’s healthcare systems are intuitive and efficient, with medical professionals being able to check a patient’s record simply by referring to that data in cloud-based software. This means that multiple people – from, say, a GP to a psychiatrist – can work in a highly collaborative manner, without the need for physical paper notes to be passed from person-to-person.
Any data held online is susceptible to hackers and other malicious threats, such as viruses and the like.
Of course, any data held online is susceptible to hackers and other malicious threats, such as viruses and the like. It’s nigh-on impossible to put a number on how many cyberattacks are carried out in Australia each day, but we can certainly attach a figure to more prominent occurrences. Indeed, approximately 400 Australian businesses are thought to have been targeted by the allegedly state-sponsored Russian attacks in 2018, according to then-Defence Minister, Marise Payne. CyberWatch: Australia states that now, because medical records are largely stored as EMRs, healthcare facilities are often a preferred target.
The same source mentions that Melbourne Heart Group was the victim of an attack that saw them unable to get into their filing system. Some 15,000 files were scrambled when an organised cybercrime syndicate hacked its way into their server. Access to files was blocked completely, and a ransom was demanded. A payment was made, but a multitude of patient files and other, sensitive medical records remain unrecovered.
Luckily, there are several steps that can be put in place to safeguard against such attacks, bringing your company into line with the Privacy Act. Password-protected access, encryption, and automated backups all help in the fight against cybercrime, so it’s essential that these measures are put firmly into place.
Falling foul of the Privacy Act can result in a hefty fine.
Brother has a great raft of healthcare print solutions and products to help ensure your healthcare firm does not fall foul of the Privacy Act. We know how high-pressured and difficult the healthcare profession really is, let alone having to worry about whether or not you’re fully compliant. Let Brother ease the strain – our printers and scanners are fully interoperable and are at the very frontier of patient confidentiality. Be sure to contact our expert team to find out what we can do for you.