What is 'mandatory reporting' – and is it relevant for my business?
I run a health services business – how does this affect me?
What is My Health Record?
Why is this now more important than ever?
What can healthcare providers do?
- Review how your organisation manages its data: Know the kinds of data your organisation handles, and the value of the data. Know where it is stored, who has access to it and how it is secured.
- Know your obligations in operating within the My Health Record system: Understand what obligations the Privacy Act and the My Health Record system impose on you as a business handling such sensitive information.
- Identify and understand relevant risk frameworks suited to your business: Consider different risk frameworks that may apply to your business. Decide on a framework, implement it and use it to evaluate your cybersecurity. Test the framework regularly and consider how it can be improved.
- Be prepared: Have a breach response plan in place. Consider the different types of breaches your business could suffer. Your plan should set out roles within your breach response team, and identify third parties or experts (IT security, legal, public relations) that will assist you in a critical situation.
- Consider insurance options available to your organisation: The terms of professional indemnity, public liability or other specialist classes of policy may not provide coverage for cyber-related losses. Health practitioners and healthcare providers are advised to consult with their brokers or insurers to consider whether there are other products such as cyber policies that may provide the necessary cover.