A data breach occurs when there is unauthorised access to personal information (including where information has been lost), risk of serious harm to individuals to whom the information relates, or an organisation has been unable to prevent the risk of serious harm. There has been a “significant shift” in the source of data breaches. In the past human error was most frequently listed as the main cause, yet in 2021 criminal or malicious attacks were the main source. One of the most significant cyber incidents in the Australian healthcare landscape was the attack of Queensland’s Uniting Care, which forced them to turn to paper operations for over a month.
“We expect entities to have appropriate internal practices, procedures and systems in place to assess and respond to data breached involving ransomware, including a clear understanding of how and where personal information is stored across their network.” – Angelene Falk, Australian Information Commissioner and Privacy Commissioner.
If you are new to the world of data governance, or would benefit from a refresher, there are great resources available to assist you.
- Privacy in Practice is a one-hour eLearning course containing three 20-minute modules including an introduction to the Privacy Act 1988 and key concepts, the safe handling personal information, and managing privacy issues. A certificate of completion is provided upon finishing the course.
- The OAIC provide this sample Notifiable Data Breach form to assist with training staff. In its live form, it is used to inform the Australian Information Commissioner of an eligible data breach where required by the Privacy Act 1988.
- RACGP’s Standards for general practices (5th edition) (Criterion C6.4 [information security]) contains indicators relating to practice’s legal obligation to manage health information. The RACGP’s information security in general practice guide can help you to set up your information security governance, assess the risks and keep your practice running, secure your network and equipment, and be safer online.
Managing and mitigating risk with good security governance allows your practice to operate successfully and sustainably, allowing you to focus on providing quality patient care.