Friday, September 03, 2021

Now It Will Be Very Interesting To See Just What This Audit Reveals.

I spotted this last week:

OAIC to commence GP Privacy Audits

25 August 2021

The Office of the Australian Information Commissioner (OAIC) has announced its plan to audit General Practice clinics’ compliance with My Health Record privacy obligations. The audits are being described by OAIC as ‘assessments’ and will focus on promoting good privacy practice.

Under Rule 42(1) of the My Health Records Rule 2016, any healthcare provider organisation that uses the My Health Record System (including GP clinics) must have a written access policy in place. That policy must ensure staff and contractors’ access to the MHR system is secure. The focus of OAIC’s assessments will be whether GP clinics have written access security policies in place and are complying with those policies.

The assessments will focus on:

  1. how staff and contractors are granted access to the MHR system;
  2. how that access is controlled and monitored; and
  3. how system risks are identified and managed.

Failure to have a suitable security access policy in place (and follow it) may amount to a breach of Australian Privacy Principles 1.2 (relating to the open and transparent management of personal information) and 11 (relating to the obligation to keep personal information secure).

OAIC will begin by conducting an initial survey of a number of GP clinics in Australia, and will then perform detailed assessments of a smaller sample of clinics. OAIC will publish its findings and recommendations on its website in de-identified reports.

…..

This article was written by Karen Keogh, Partner and Chelsea Gordon, Associate. 

Karen Keogh

Partner | Sydney

Here is the link:

https://hwlebsworth.com.au/oaic-to-commence-gp-privacy-audits/

I seem to  remember a similar audit a few years ago but I have to say I can’t recall just what it found. At the same time I do remember the Auditor-General, a year or wo back,  did express concerns with the end-point security of the #myHealthRecord.

It is important that we get to hear what the audit found and what positive steps were taken to tighten things up. If we are going to have a ‘honey-pot’ system like the #myHR the least we can do is ensure it is as secure as possible!

Does anyone remember the results of the previous audit?

David.

 

1 comment:

  1. Be nice to see it extended to include the PHN’s they seem to harvest data from all sorts of places seemingly without good oversight.

    ReplyDelete