This little advertorial appeared a few days ago.
OAIC to commence GP Privacy Audits
29 October 2021
The Office of the Australian Information Commissioner (OAIC) is in the process of auditing 300 General Practices to ensure compliance with the Australian Privacy Principles relating to My Health Record.
Under Rule 42(1) of the My Health Records Rule 2016, any healthcare provider organisation that uses the My Health Record System (including GP clinics) must have a written access policy in place. That policy must ensure staff and contractors’ access to the MHR system is secure. The focus of OAIC’s assessments will be whether GP clinics have written access security policies in place and are complying with those policies.
The audits are focussing on:
- how staff and contractors are granted access to the MHR system;
- how that access is controlled and monitored; and
- how system risks are identified and managed.
Failure to have a suitable security access policy in place (and follow it) may amount to a breach of Australian Privacy Principles 1.2 and 11. These principles relate to the open and transparent management of personal information and the obligation to keep personal information secure.
OAIC will publish its findings and recommendations on its website in de-identified reports.
If your GP clinic receives notification of an upcoming privacy assessment from OAIC, you may wish to contact your Medical Defence Organisation for advice.
If you are a GP clinic that uses My Health Record and does not have a suitable security access policy in place, now is the time to act.
For further information about your privacy obligations, please contact Karen Keogh or Chelsea Gordon.
This article was written by Karen Keogh, Partner and Chelsea Gordon, Associate.
Karen Keogh
Partner | Sydney
Here is the link:
https://hwlebsworth.com.au/oaic-to-commence-gp-privacy-audits-2/
All I can do with this is thanks Ms. Keogh for bringing to our attention that despite the ANAO Audit of the #myHR pointing out that end-point security was potential vulnerability a few years ago no one seems to have had a close look o see what is actually happening ‘on the ground’ until now.
Surely this is an important piece of work that should have happened years ago. I hope they just get on with I and publish the findings ASAP!
David.
1 comment:
We should soon be getting ADHA's report on the ANAO end-to-end security review that they promised.
Could be embarrassing if it disagrees with the OIC's.
I bet ADHA just keeps quiet about it all. It's their standard strategy - don't rock the boat and hope nobody important notices. Climate change, nuclear submarines and COP26 are wonderful distractions.
Post a Comment