This appeared last week:
7 steps to avoiding a human data breach
Ms Gillman is head of medicolegal advisory service at Avant.
27th June 2019
Dramatic cyber-attacks may make the headlines, but in fact, simple human error accounts for more data breaches in the health sector than any shadowy figures.
In the first year of the Notifiable Data Breaches scheme, the Office of the Australian Information Commissioner (OAIC) advised that health service providers reported the highest number of incidents, around 20% of all breaches.
Of the breaches involving health service providers, more than half were due to human error.
We’ve reviewed the OAIC report and calls to Avant involving data breaches, and have identified the following key learnings.
1. Check before pressing send
Errors such as private information being sent to the wrong recipient accounted for one in 10 breaches reported to the OAIC.
This was also high on our list of reasons for calls — and the source of considerable angst. It is an easy error to make if you are emailing or texting patients.
2. Check before posting
We also had a number of calls where information was posted to incorrect addresses or information such as recall letters intended for several recipients was included in one envelope.
While many practices are cautious about sending sensitive information electronically, it is important also to check you have robust procedures in place for posting information.
3. Beware the autocorrect
Another emerging theme was the perils of autotext. This can be a problem in both email programs and word processing software, which may default to include recently or frequently used addresses.
This can contribute to the problem of information being sent to the incorrect address.
It could also lead to patient information in reports or referral letters being sent to the wrong provider.
The other tips and more general advice here:
Given the reputational and financial risks posed with all this it is worth thinking these ideas through carefully.
David.
No comments:
Post a Comment