Interesting stats After 12 months of Enforced Data Breach Notifications in Australia.

May 15, 2019


On May 13, 2019, the Office of the Australian Information Commissioner (OAIC) released a report summarizing notifications received under the notifiable data breaches (NDB) scheme. It included some interesting stats for the first 12 months of the scheme.

Key Findings

Healthcare had the most breaches

There were more data breaches in healthcare than in any other sector (206 - 28.5%). These figures clearly highlight the importance of securing data and how far the industry has to go!

Human error was the most significant cause

Human error was the biggest cause of breaches (55%). The report suggests that, among other things, "technological solutions" are needed to assist employees. We agree!

Sending to the wrong person was the most significant cause

Personal information sent to the wrong recipient was the most common human error breach in the health sector. Previous guidelines from various sources suggest that, before including patient data, users should first send a message to the intended recipient to verify that they have the right person. We suspect this will be the knee-jerk reaction here too. However, we strongly suggest this is not the best course of action.

If you look into the quarterly breach notification reports, they break down the channels used when a breach was caused by sending to the wrong person. Over the year, sending patient data to the incorrect email address accounted for 48% of violations, as opposed to mail and fax (52%), where patient data was sent to the wrong address or fax number. More care is needed, but requiring doctors to verify the recipient's email address is an unreasonable and impractical restraint. This, along with many other suggestions put forward by those not in the trenches, is suggested for backside-covering purposes! We don't want to discourage doctors from using digital methods of communication when they so clearly can lead to better and more efficient delivery of patient care.

Malicious or criminal attacks are a problem

Malicious or criminal attacks accounted for 44% of data breaches in healthcare. Of that, 34% was caused by the theft of paperwork or a data storage device. While there are no further breakdowns, it would be fair to assume that a large portion of these breaches could be attributed to lost or stolen phones with patient photos on them. This issue could be largely eliminated by using a system where no patient data is stored on phones, just like PicSafe!


Download the document from the BAD website.