Written by Dr David Chatterton.
A recent survey by Accenture showed that 89% of Australian consumers believe the security of their digital healthcare data is important, yet 16% have experienced a breach of their healthcare data. In response, 30% of consumers who experienced a breach switched to another healthcare provider.
As more and more health information is digitised, healthcare providers must understand their role and responsibility in managing and protecting patient data. Failure to do so can negatively impact patients, result in financial penalties and damage the reputation of your business.
The survey also found that, among Australian consumers who experienced a breach, a pharmacy was the second most common place for it to occur (28%). This highlights how important it is for pharmacies to balance the operational need for availability of patient information with the need to protect that information from unauthorised disclosure.
Now that the Australian Government's mandatory data breach reporting laws have come into effect, including penalties for company directors, pharmacies need to apply a security mindset to staff training, processes and technology and have a plan in place for handling a data breach.
Just as people living in a bushfire-prone region keep a bushfire plan in case a fire comes their way, you should have a plan in case of a data breach. How you manage an incident can go a long way towards limiting the impact and restoring the trust of your customers.
What constitutes a breach?
For starters, what constitutes a breach? The key points are:
Therefore, unauthorised access to a patient's identity and their health information is likely to meet the criteria of a breach.
A data breach plan
Your data breach plan should include:
At MedAdvisor, we are the custodians of large amounts of personal, health and medical data, and we understand the seriousness of ensuring that our pharmacies' and their patients' data is kept safe and secure. This is in accordance with all of Australia's strict privacy laws, including the Privacy Act 1988, our Privacy Policy, Pharmacy License Agreement and our Patient End User License Agreement. MedAdvisor follows best practices for the secure transmission and storage of patient and pharmacy data in highly secure and certified Australian data centres. We are continuously improving our processes and procedures to ensure that we retain your trust and loyalty with all our products and services.