The Privacy and Security SIG has had a busy year. I am especially proud of some achievements that we have reached, including a submission to the OAIC which was developed by members of the SIG and other HIMs in the industry. This enabled us to have a voice and be acknowledged as an important group in the health sector (National Health (Privacy) Rules 2018 review – Home (oaic.gov.au).
We have also had guest speakers at our SIG meeting, including Dr Kerin Robinson and Joan Henderson who, with many years of experience, brought great insight to Privacy.
It was also great to have a large number of people attend the Privacy and Security SIG meeting at the HIMAA virtual Conference. There were so many great conversations and queries that we almost couldn’t keep up! Please feel free to send any other Privacy related questions to our group. We also assisted a couple of HIMAA Members in navigating some Privacy concerns in their organisations, not to directly provide advice but more guidance and direction to key resources.
We plan to develop further materials and webinars for members in the coming year. Also, if you are a SIG convenor and would like to have some crossover meetings please contact me at sharon.campbell@hif.com.au
Now for a Christmas story related to Privacy and Security breaches (well it’s nearly Christmas!), so settle down in front of the fire with your favourite drink….
T’was the night before Christmas when all thro’ the hospital not a creature was stirring, except for the HIM who was reading the OAIC Notifiable Data Breach report and gave a gasp at the stats and the fact that health breaches were at the top of the graphs! (Notifiable Data Breaches Report: January–June 2021 – Home (oaic.gov.au).
Just as the HIM was hanging a stocking the FOI clerk rustled in. Oh no! I have emailed the personal health information meant for St. Nicholas’ reindeer Rudolph and I accidentally used an old email that included Dasher and Prancer! I tried to recall but alas it was too late as all had read the email. (Misdelivered Email Results in a HIPAA Data Breach (norcal-group.com).
Just as the HIM had settled their head on the desk for a nap there was a knock at the door by IT. Just letting you know that confidentiality was compromised through the use of pagers by doctors in our hospital informing others of COVID. It’s OK though, as the 16 year old who accessed the confidential patient data has had their computer taken away and we shall henceforth move to a secure messaging environment! (WA Health traces data leak to third-party pager service – Security – Telco/ISP – iTnews).
Then, alas, as the HIM donned their ‘kerchief and was heading for bed, a knock once more filled them with dread. The Nurse Unit Manager (NUM) flung open the door: I have a complaint! A famous patient was admitted and one of my nurses has tweeted ( Magda Szubanski Twitter: Nurse tweeted about her in hospital | news.com.au — Australia’s leading news site).
But wait, that’s not all: Hang on said the HIM, I need to access my emergency Christmas gin! OK, continue now. Well, stuttered the NUM, our receptionist Tanya has a 17 year old son who was admitted to hospital for treatment of an STD. When she read his medical record she was not happy and told him to his face! (Avant – Receptionist’s patient privacy breach a ‘red flag’).
I can’t handle anymore. Please share some of your emergency Christmas gin!
The CEO then arrived. OMG thought the HIM, can this night get any worse? Ho, Ho, Ho there said the CEO, I have made an executive decision and signed the hospital up with a vendor to deliver us the most excellent electronic medical record system. Before we progress, he continued, I need to know: do we have a Privacy Impact Assessment? Finally, a sensible question! The HIM replied: Not yet but I will organise one. ( Guide to undertaking privacy impact assessments – Home (oaic.gov.au).
Finally, when all had settled and were snug in their beds and had visions of sugar plums dancing in their heads, the HIM went home in the hope that all would go well in the delicate area of Privacy and Security.
As they were heading out the door, to their amazement they saw a miniature sleigh and eight tiny reindeer. The HIM knew that it must be St.Nick. And he whistled and shouted and call’d them by name: “Now Hacker, now Ransom, now Breaches, now Browser, now Attack, now Human Error, now Malicious, now System Error. To the top of the porch! To the top of the wall! Now dash away! Dash away! Dash away all!”
Have a merry and safe Christmas all!
Sharon Campbell
November 2021