GP using HealthPathways

Tips to avoid a data breach in your practice

In Central Queensland, Sunshine Coast, Wide Bay by PHN Communications

Whilst understanding that issues of patient confidentiality are in the forefront of GP’s minds, we are continually challenged by new technologies that may not be as secure as they initially seem.

For instance, email (gmail, yahoo, outlook, apple mail) is not a secure means of sending patient clinical information (referral letters, scanned documents, identifiable photos etc) as it is normally not encypted, and as such is susceptible to interception. Even sending an email from a practice email address with just a patient’s name (thus identifying that the patient had attended a doctor) is potentially a breach of privacy.

All clinical information should be sent by secure messaging (e.g. Medical Objects, HealthLink), fax, encrypted email (e.g. KiteWorks), or via Australia post.

Some current pitfalls:

  • Occasionally, private health providers (e.g. allied health practitioners) only provide an email address for their referrals and no other way of sending a referral. GPs should inform them that the referral must be sent by secure messaging, fax, encrypted email, or via Australia post NOT regular email.
  • Emails sent within the Queensland Health email system are secure, but emails sent into and out of Queensland Health are not secure. Some Queensland Health services advertise that referrals should be sent to their Queensland Health email address. However, this is NOT secure if a GP is emailing from outside Queensland Health. Most Queensland Health services will accept referrals by secure messaging or fax – see your local HealthPathways website for details and referral options.

Information on data breach process can be found at:

https://www.oaic.gov.au/resources/privacy-law/privacy-act/notifiable-data-breaches-scheme/flowchart.pdf

More information in regard to the Notifiable Data Breaches scheme can be located at:

https://www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme