Insider threats in the health sector are a significant threat to privacy

June 20, 2016

The health sector is complex and data driven. From a single doctor’s surgery to large teaching hospitals, the amount of data collected is enormous. There is highly sensitive personal information in a patient’s medical file, along with financial information in the form of billing details, Medicare and health insurance information, and employee records. There is a trove of information kept on site. Often medical information is accessible from multiple sources, with many parties such as doctors, nurses and specialists needing access. Unfortunately, poor data storage and access policies and inadequate training mean that many other staff can, and sometimes do, access sensitive personal information. Then there is the problem of data disposal. Masses of personal information are kept in paper form, and the quality of the disposal is all too often haphazard.

This is amply highlighted by recently reported incidents including:

And there are other instances. In Australia there is no mandatory data breach notification, so it is difficult to assess the extent of data breaches in Australia. The media here is far less interested in this subject than the media overseas.

Health information is defined as sensitive information under the Privacy Act. Notwithstanding this sensitivity, the culture within health centres is ambivalent towards data security, and the quality of the training and the commitment to compliance with data protection laws are very poor.
