What Is a Medical Privacy Breach?

What is a privacy breach and what do I need to do when a breach has been identified?

A breach is a loss of, unauthorised access to, or disclosure of, personal information.  

In my experience, reception areas are an open-space setting that tends to be the hub of activity in clinics. The area is typically a shared workspace that your nurses, doctors and administration personnel also need to access. The sharing of information between staff in this locality exposes clinics to potential privacy breaches.

Areas of concern at the reception include some of the following:

Phone calls (incoming and outgoing)

Staff, visitors and patients

Email communications

Incoming Faxes

Consultation Notes

X-ray and laboratory reports

Privacy is challenging in a busy, front-of-house reception. Your reception staff are key to ensuring privacy.

In my role, I am available to assist in reviewing your reception procedures and making recommendations to ensure your key staff have the necessary skills to achieve optimum patient privacy.


If a breach occurs, the following four steps are a guide to the action that needs to be taken to identify and manage the affected person's (or persons') personal information.

STEP 1 - Containment

Contain the breach

Appoint one person to oversee

Decide if a team is needed to investigate

If criminal activity is suspected, call the Police

Retain any relevant evidence

STEP 2 - Evaluation

Identify the information involved and the specific content details

Determine if the information needs to be secured or encrypted

Is the cause able to be identified?

Systemic problem or an isolated incident

Size of the breach 

Would the breach result in harm? (e.g. identity theft, financial loss, loss of dignity)

Who potentially has this information

STEP 3 - Notification

Identify any risk or harm to the people affected 

If law enforcement authorities are involved, check when to notify affected people

Directly notify individuals (phone, letter, email or in person)

Consider any third-party contractors or parties that should be informed.

Any serious breach must be reported to the Privacy Commissioner 

STEP 4 - Protection

Audit both physical and technical security

Review policies and procedures

Review staff training

Review any service partners caught up in the breach.

Contact: Office of the Privacy Commissioner, 09 3028680


Book online using the following link if you would like to discuss further. I welcome any queries and look forward to speaking with you.

To book a meeting with me


Debbie Cripps
