Privacy and security: why you cannot have one without the other
Privacy and security issues have become increasingly obvious with the growth of digital communication.
Medicine in particular relies heavily on sensitive information. It is important therefore to have an understanding of privacy and security and recognise how they are in fact different.
For good reason, doctors are cautious when it comes to medico-legal issues. Having previous experience in law in my former life, I believe it is useful to consider how privacy and security may impact on your practice.
Privacy and security can be hard to distinguish.
Fundamentally, privacy is the principle that sensitive and confidential information remain just that: confidential to only the selected parties.
Security consists of the tangible measures that are taken to guard this privacy such as security guards, locked doors and internet firewalls.
Many stakeholders in medicine are of the misguided view that by having secure premises, the privacy of the sensitive and confidential information in their possession or control is protected.
Wrong.
Having perfect physical and IT security doesn’t shield you from stolen passwords and login details scribbled on Post-it notes stuck to a monitor for easy access.
Think of the inconspicuous fax machine in a corridor which receives documents that anyone walking by could see. Or theatre notes left lying around in the tea room or casually tossed in the bin.
Situations like these are mistakenly seen as not breaching privacy obligations, when in fact the information is only secure within the building.
Conversely, you can’t have privacy without security.
Clearly, privacy and security go hand in hand. While doctors individually may not be able to directly influence security measures within a hospital, there are certainly ways to mitigate the risks associated with handling sensitive and confidential information, which I will discuss in my next blog.
This problem, while a serious one, is not an unsolvable one. It is important to keep up with what industry experts, commentators and lawyers report in order to be fully aware of the progress in addressing this problem. For anyone wanting to seek further information on this matter, I have included below a list of resources.
Health information and the Privacy Act:
http://www.oaic.gov.au/privacy/privacy-act/health-and-medical-research
Resources on health for individuals
State and territory privacy law
http://www.oaic.gov.au/privacy/other-privacy-jurisdictions/state-and-territory-privacy-law
RACGP privacy resources
http://www.racgp.org.au/your-practice/e-health/protecting-information/privacy/