This blog is totally independent and has only three major objectives.
The first is to inform readers of news and happenings in the e-Health domain, both here in Australia and world-wide.
The second is to provide commentary on e-Health in Australia and to foster improvement where I can.
The third is to encourage discussion of the matters raised in the blog so hopefully readers can get a balanced view of what is really happening and what successes are being achieved.
Thursday, May 02, 2013
The Privacy Commissioner Is Providing Some Useful Information For All Businesses Including Health Care Businesses.
This article appeared a couple of days ago.
Privacy Commissioner launches Guide to Information Security
Guide covers governance, ICT security, data breaches, physical security and standards
The Office of the Australian Information Commissioner’s Privacy Week has begun in earnest with the unveiling of a Guide to Information Security in Sydney today.
Privacy Commissioner Timothy Pilgrim told delegates at a breakfast briefing that the Guide includes a list of non-exhaustive steps which would be reasonable for an entity to take before new Australian Privacy Principles (APP) reforms take place in March 2014.
The reforms update the Privacy Act 1988 and include changes to how personal information is handled, such as when it can be used for direct marketing and sent overseas.
Commenting on the Guide, Pilgrim said that if an organisation mishandles the personal information of its customers it risks loss of trust and considerable harm to the company’s reputation.
“This can also lead to loss of customers and an impact on the organisation’s ability to function,” he said.
Reading through the government’s newly released guide to information security, especially with the changes to the Australian Privacy act looming over the horizon, requires sorting through a mess of peculiar acronyms, extended dot points and open-ended questions.
Needless to say, it’s a complex document and it’s thorough. And perhaps this is just the kind of document needed to ensure that companies can’t wriggle their obligations when they are stung with a data breach. But could the complexity of the document prove to be its downfall? And are Australian businesses are in an urgent need of a wake-up call when it comes to data protection?
Well the changes afoot are daunting so perhaps some simplification is in order. But with less than a year to go before the reforms take effect many organisations are seemingly twiddling their thumbs; a prospect that won't fill Australian consumers with any confidence.
A survey of Australian business and government agencies commissioned by internet security company McAfee has found that 59 per cent of employees responsible for managing the personal information of customers were unaware or unsure of the changes.
While the Attorney-General Mark Dreyfus and the Privacy Commissioner Timothy Pilgrim spent a lot of time yesterday blowing the bugle of impending change, it looks like many organisations are destined to end up on the wrong side of a data breach.
There is a clear warning here for Health Information custodians and users. The rules are changing and you need to be across just what is means for you. A browse of the Office of the Information Commissioners web-site (www.oaic.gov.au) is a very good place to start.