Last week’s workshop on privacy law had its fair share of health care workers in attendance – an indication of how seriously the health sector takes this issue.
For those working in this area, two main points emerged:
There must be security measures in place for transmitting health information. Emailed information should be encrypted or password protected – protocols already in place at Synapse. Uploading documents to a secure website ensures privacy requirements are met.
All personal information collected in the context of providing a health service is health information. This means even information that does not relate to an individual’s health, such as their address, is considered health information when it is collected in this context. It’s not just medical records and doctor’s letters that fall into this category. Even medical billing is ‘health information’ and must be dealt with securely.
A recent ‘Background Briefing’ program on the ABC looked at the issue of privacy. One of the stories in that report alerted people to privacy concerns over photocopier hard drives.
In the US, a reporter bought four second-hand photocopiers from a warehouse in New Jersey and hooked up their hard drives to a computer. “(When) we hit ‘print’ on the fourth machine, from a New York insurance company, . . . we obtained the most disturbing documents: 300 pages of individual medical records, everything from drug prescriptions, to blood test results, to a cancer diagnosis.”
While the program presenter assures us that new digital photocopiers don’t store everything, the example is a warning about the risks inherent in electronic information storage.
If you’re interested in listening to the full Background Briefing program or reading the transcript, here’s the link: