May 15, 2019
On May 13, 2019, the Office of the Australian Information Commissioner (OAIC) released a report summarizing notifications received under the notifiable data breaches (NDB) scheme. This included some interesting stats for the first 12 months of the scheme.
There were more data breaches in healthcare than in any other sector (206 - 28.5%). These figures clearly highlight the importance of securing data and how far the industry has to go!
Human error was the biggest cause of breach (55%). The report suggests that, among other things, "technological solutions" are needed to assist employees. We agree!
Personal information sent to the wrong recipient was the most common human error breach in the health sector. Previous guidelines from various sources suggest that users should first send a message without patient data to confirm that they have the right recipient. We suspect this will be the knee-jerk reaction here too. However, we strongly suggest this is not the best course of action.
If you look into the quarterly breach notification reports, they break down the channels used when a breach was caused by sending to the wrong person. Over the year, sending patient data to the incorrect email address accounted for 48% of violations, as opposed to mail and fax (52%), where patient data was sent to the wrong address or fax number. More care is needed, but requiring doctors to verify the recipient's email address is an unreasonable and impractical restraint. This, along with many other suggestions put forward by those not in the trenches, is suggested for backside-covering purposes! We don't want to discourage doctors from using digital methods of communication when they so clearly can lead to better and more efficient delivery of patient care.
Malicious or criminal attacks accounted for 44% of data breaches in healthcare. Of that, 34% was caused by the theft of paperwork or a data storage device. While there are no further breakdowns, it would be fair to assume that a large portion of these breaches could be attributed to lost or stolen phones with patient photos on them. This issue could be largely eliminated by using a system where no patient data is stored on phones, just like PicSafe!
Download the document from the BAD website.