Just last week, new legislation took effect which made it mandatory for certain businesses to report any privacy breach to government bodies. As a private health service, this included us.
We already had a high level of security and systems in place to protect your privacy but this new scheme gave us an opportunity to review our processes, upskill staff and ensure we were providing you with the level of protection you expect from your medical centre.
To comply with the Notifiable Data Breaches Scheme we were required to develop our own “Data Breach Response Plan”. Now, we already had a Disaster Recovery Plan in addition to our Policy and Procedures manual but this new plan is solely dedicated to your information held by us. The Data Breach Response Plan covers the identification of a data breach and details how our staff will respond to a breach, including when to escalate to the government agency responsible for the scheme, the OAIC (The Office of the Australian Information Commissioner).
What is a data breach?
Quite simply, a data breach is when data is lost or becomes available to someone who should not have it. To be notifiable (or eligible) then this data breach must be likely to result in serious harm to the person whose data was compromised. Serious harm could be physical, emotional, financial or reputational.
Here is the official page which outlines types of eligible data breaches: https://www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme/identifying-eligible-data-breaches
What are we doing at Kedron Wavell Medical Centre?
We take your privacy very seriously so, in addition to staff attending training seminars, we have:
- formulated a written Data Breach Response Plan
- educated staff in the new legislation and our plan
- ensured our security measures are appropriate, both with respect to IT and staff access levels
- reviewed waste disposal processes
Complete Overview of The Notifiable Data Breaches Scheme https://www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme
If you ever wish to know more about the Scheme please visit the links contained in this post or ask us at your next visit.