Privacy Awareness Week, held earlier this month from 1 to 7 May, is an annual event which aims to raise awareness and promote best practices in privacy and data protection.
It is the responsibility of healthcare providers to ensure patient information is always kept secure and private.
The following discusses the basics of keeping patient information secure and private by having security protocols in place and protecting access to sensitive information.
Security protocols are a set of guidelines and procedures which help ensure the confidentiality, integrity and availability of information.
Protocols are essential for protecting patient information from unauthorised access, use or disclosure.
Some basic security protocols healthcare providers should have in place include:
Access control: Access control is the process of granting or denying access to resources based on the user’s identity, role and permissions. Healthcare providers should implement access control mechanisms such as passwords, two-factor authentication and role-based access control to ensure patient information is only accessible to authorised personnel.
It is vital to keep access secure by not sharing passwords with multiple people, as shared passwords can pose a significant security risk. Passwords should never be shared or reused, and healthcare providers should use strong passwords which are difficult to guess.
Special attention needs to be given to your PRODA account or clinical software. Every person accessing information should be identifiable and, if necessary, have their access removed when they are no longer employed by the practice.
Provider Digital Access (PRODA) is an online identity verification and authentication system which lets you securely access a range of government online services for healthcare providers. Your PRODA account authorises most transactions through Medicare and will become more important as more services become digital, so protect it as you would your banking details.
Encryption: Encryption is the process of converting data into a code to prevent unauthorised access. Healthcare providers should encrypt patient information both at rest and in transit to ensure it cannot be intercepted or accessed by unauthorised parties.
It is important to note that while most clinical software programs offer encryption to protect patient information, healthcare providers must ensure they configure and use the software correctly to maintain the security and privacy of patient information.
Secure messaging is another essential tool in healthcare, as it enables healthcare providers to collaborate and communicate with each other without compromising patient privacy.
It is also important to comply with relevant regulations and standards, such as the Australian Privacy Principles and the My Health Record Act, when handling patient information.
There are several secure messaging platforms available in Australia which comply with these regulations and standards, including Argus, Medical-Objects, ReferralNet and HealthLink.
Audit trail: An audit trail is a record of all actions taken on a system or application. Healthcare providers should implement audit trails to monitor access to patient information and detect any unauthorised access or changes.
For instance, using My Health Record (MHR) creates an audit trail to identify who is accessing data and when it is accessed. This can be useful in identifying any unauthorised access or changes to patient information.
It is important to regularly review audit trails to ensure patient information is only being accessed by authorised personnel and for legitimate reasons. By implementing audit trails, healthcare providers can better protect patient information and maintain the trust of patients.
Privacy Awareness Week is a timely reminder of the importance of protecting patient information from unauthorised access, use or disclosure.
By having security protocols in place, not sharing passwords in PRODA or clinical software, and using secure messaging platforms which comply with relevant regulations and standards, we can ensure patient information is kept secure and private.
Let us all do our part in maintaining the privacy and confidentiality of patient information.
Set up your My Health Record Security and Access Policy with this template.
If you require help setting up any of these security protocols or untangling your PRODA account, please reach out to your PSO or the Digital Health team at DigitalHealth@swsphn.com.au.