Digital health & cyber security, presented by Chelsea Gordon



SLIDE 1

Digital health & cyber security

Presented by Chelsea Gordon Wednesday 1 August 2018

SLIDE 4

My Health Record

SLIDE 5

My Health Record

  • My Health Record can only be accessed by the patient, carers and people involved in their healthcare
  • There are tough privacy and security rules
  • Patients can control who can see their My Health Record
  • Patients can see who has looked at or updated their My Health Record

SLIDE 6

Regulation

  • Privacy law
  • Criminal law
  • Corporate law

SLIDE 7

Privacy Law in Australia

  • The Privacy Act 1988 (Cth) regulates how personal information is handled in Australia
  • The Privacy Act applies to private businesses that:
    – have a greater annual turnover than $3 million (note exceptions);
    – provide health services and hold health information; or
    – are contracted service providers for a Commonwealth contract (whether or not a party to the contract)

SLIDE 8

Privacy Principles

  • Open and transparent
  • Anonymity and pseudonymity
  • Collection and management
  • Use or disclosure
  • Direct marketing
  • Cross-border disclosure
  • Quality & security
  • Access & correction

SLIDE 9

Types of information

[Diagram: Privacy Act; Personal; Sensitive; Health; Financial]

SLIDE 10

Security of personal information

  • Take reasonable steps to protect the information:
    – from misuse, interference and loss; and
    – from unauthorised access, modification or disclosure.

If the information is no longer required and there is no law requiring its retention, the entity must take reasonable steps to destroy the information or to ensure that the information is de-identified.

APP 11

SLIDE 11

Notifiable data breach

SLIDE 12

Current Position

  • Unauthorised access or disclosure of information OR information lost and disclosure likely
  • Reasonable person conclude breach likely to result in ‘risk of serious harm’ and unable to prevent harm
  • Must notify OAIC and individuals affected

SLIDE 13

Practical reflections

  • Have an up to date:
    – Privacy policy
    – Cyber security policy
    – Data breach response plan
  • Consider cybersecurity insurance
  • Confirm whether any international regulations apply

SLIDE 14

Team Contacts

Karen Keogh, Partner
P +61 2 9334 8884
E kkeogh@hwle.com.au

Chelsea Gordon, Associate
P +61 2 9334 8987
E clgordon@hwle.com.au

SLIDE 15

Adelaide | Brisbane | Canberra | Darwin | Hobart | Melbourne | Norwest | Perth | Sydney