Dec 11, 2018
What is a privacy breach and what do I need to do when a breach has been identified?
A breach is a loss of, unauthorised access to, or disclosure of, personal information.
In my experience, reception areas are an open-space setting that tends to be the hub of activity in clinics. The area is typically a shared workspace that your nurses, doctors and administration personnel also need to access. The sharing of information between staff in this locality exposes clinics to potential privacy breaches.
Areas of concern at the reception include some of the following:
Phone calls (incoming and outgoing)
Staff, visitors and patients
X-ray and laboratory reports
Privacy is challenging in a busy, front-of-house reception. Your reception staff are key to ensuring privacy.
In my role, I am available to assist in reviewing your reception procedures and making recommendations to ensure your key staff have the necessary skills to achieve optimum patient privacy.
If a breach occurs, the following four steps are a guide to the action that needs to be taken to identify and manage the affected person's (or persons') personal information.
STEP 1 - Containment
Contain the breach
Appoint one person to oversee
Decide if a team is needed to investigate
If criminal activity is suspected, call the Police
Retain any relevant evidence
STEP 2 - Evaluation
Identify the information involved and the specific content details
Determine if the information needs to be secured or encrypted
Is the cause able to be identified?
Systemic problem or an isolated incident
Size of the breach
Would the breach result in harm? (e.g. identity theft, financial loss, loss of dignity)
Who potentially has this information?
STEP 3 - Notification
Identify any risk or harm to the people affected
If law enforcement authorities are involved, check when to notify affected people
Directly notify individuals (phone, letter, email or in person)
Consider any third-party contractors or parties that should be informed.
Any serious breach must be reported to the Privacy Commissioner
STEP 4 - Protection
Audit both physical and technical security
Review policies and procedures
Review staff training
Review any service partners caught up in the breach.
Contact: Office of the Privacy Commissioner, 09 3028680
Book online using the following link if you would like to discuss further. I welcome any queries and look forward to speaking with you.