Hi! Thanks for the question.
The National Privacy Code is the main law being seen as the answer to
the issues as regards to data protection in the health sector. The act
is mentioned because it is the main source of arguments for the
articles that mentions the issue of data protection in the healthcare
industry of Australia.
Note: Some of the documents here are in PDF format so you would need a
reader like Adobe Acrobat to view them. If you havent installed it in
your PC yet you can download the software here
(http://www.adobe.com/products/acrobat/readstep2.html). Furthermore, I
will provide small snippets from the articles cited so as to save you
time but I highly recommend that you read them in their entirety so as
to get a more comprehensive understanding of the issues.
The following are issues as regards to data protection in the
Australian health sector.
The National Privacy Code aims to address the following issues of data
protection in the health sector of Australia.
a.) Collection:
This principle requires health service providers (and by definition,
nurses) to only collect information that is necessary to deliver the
health service and it must be collected with the persons consent.
b.) Use and disclosure:
Health service providers (and nurses)may use or disclose the
information collected only for the primary purpose for which it was
collected, or if the person gives consent to further disclosure.
c.) Data quality:
Nurses and other health service providers are required to take
reasonable steps to keep health information up-to-date, accurate and
complete.
d.) Data security:
Nurses and other health service providers must take reasonable steps
to protect and secure health information from loss, misuse and
unauthorized access.
e.) Openness:
This principle refers to the requirement that health service
providers must convey to consumers / patients how their sensitive
health information will be handled.
f.) Access and correction:
Under this principle,consumers have a general right of access to
their own health records.
g.) Identifiers:
Commonwealth Government identifiers, such as the Medicare number or
Veterans Affairs number, have restricted use and cannot be used by
health service providers as identifiers for record keeping purposes.
h.) Anonymity:
Where it is lawful and practical, consumers must be given the option
to use health services without identifying themselves.
i.) Transborder data flows:
Health information should only be transferred out of Australia if the
recipient country has similar privacy protection laws, or if the
consumer consents to the transfer.
j.) Sensitive information:
This principle dictates that an organisation must not collect
sensitive information unless the individual has consented; it is
required by law; or, in circumstances such as the provision of health
services and individual or public health or safety.
National Privacy Code
http://www.anf.org.au/pdf/anj_feature_0208.pdf
a.) However, these 'private sector' laws do not affect public State
hospitals or other State health organisations and the NSW, ACT and
Victorian governments have passed their own legislation governing
privacy and health
b.) Interestingly, the definition of 'health service' includes an
activity performed that is intended or claimed by the service provider
to improve the individuals health or treat the individual's illness.
This means that the individual service provider does not necessarily
have to be a health 'professional' and includes all forms of medical
treatment, including alternative and other non-traditional therapies.
c.) The NHPPs will not apply to exempted health information or health
services or health service providers that are exempted in accordance
with a State or Territory Act.
Focus: Health - February 2003
http://www.aar.com.au/pubs/bio/fohfeb03.htm
a.) The level of data security should be adequate
b.) The trend is towards the use of a Public Key Infrastructure
Framework to ensure acceptable data security when transmitting
information across an open network such as the Internet.
c.) Informed consent of the client/patient
d.) Clinicians notes must acknowledge that the consultation was
conducted using videoconferencing technology and note any disruptions
which occur in the course of the consultation.
e.)
paper records containing personal health information should not
be copied unless it is essential to do so.
f.) The anonymity of clients/patients should be maintained during
case presentations, consultations with other health care providers,
research activities and at seminars and conferences.
g.) It is important to ensure that client/patient information is not
discussed in public areas such as corridors or lifts or indeed
anywhere it is likely to be overheard.
h.) Computer screens in emergency departments, admission and
outpatient areas and other public areas should, where possible, be so
placed that they cannot be seen other than by the staff member
entering the information.
i.) Clients/patients whose preferred language is other than English
should be informed in their own language of their rights to access
their health records.
GENERAL SAFEGUARDS FOR PROTECTION OF PERSONAL INFORMATION
http://216.239.37.100/search?q=cache:Fc3KpTm8mBEC:www.health.nsw.gov.au/iasd/information-privacy/ipcop98/safeguards.html+%22health+sector%22+%22data+security%22+Australia&hl=en&ie=UTF-8
- IT education of hospital staff
- Resistance to technology change by the health care staff
- Organizational structure which includes the physical layout of the
premises, existing technology, signs, rituals, stories and values.
Preparing staff for Information Technology
http://infocom.cqu.edu.au/HNI/BooksOnline/chapter_24.pdf
Our next article provides data security issues confronting
pharmacists.
a.) Collecting health information, dispensing medication and
discussing symptoms in a
public space.
b.) Change of business circumstances and pharmacies
c.) Access to health records
d.) Childrens privacy The Privacy Act does not set an age limit
at which a child or young person can exercise their own privacy rights
this occurs when the individual becomes competent to make such
decisions.
e.) Providing personal information to others the collection of
medication by friends,
neighbours or relatives
New Privacy Law & the Private Health Sector
http://www.privacy.gov.au/publications/hics2.pdf
a.) a person could not be penalised or discriminated against for not
participating in the
system
b.) stringent security measures would be in place wherever health
information was collected, stored or exchanged in the network
c.) information collected and stored on the network could be used
only for agreed purposes and would be restricted to the health sector
PRIVACY, CONFIDENTIALITY AND SECURITY
http://www.health.gov.au/healthconnect/pdf_docs/fsp.pdf
Search terms used:
"health sector" "data security" Australia
I hope these links would help you in your research. Before rating this
answer, please ask for a clarification if you have a question or if
you would need further information.
Thanks for visiting us.
Regards,
Easterangel-ga
Google Answers Researcher |
Clarification of Answer by
easterangel-ga
on
24 Apr 2003 17:52 PDT
Hi again! Thanks for asking a clarification before providing a rating.
I have found here privacy issues that relate directly to electronic
health info systems in terms of the clinical and telehealth aspects in
Australia.
Our first link provides a comparison of the security issues of having
an electronic health records systems as regards to paper based ones.
They are compared according to the following concerns:
a. "Loss of confidential information"
b. "Theft of and/or unauthorised access to confidential information"
c. "Confidential information becoming known to the public"
d. "Misuse and abuse of confidential information, or loss of integrity
of confidential information"
e. "Availability of confidential information"
Security - Key risks
http://www.gpcg.org/topics/security_key_risks.html
Other issues that must be addressed are discussed in this paper.
a. "Computer technology makes the creation of new databases and data
entry easy, so that databases can be created and maintained readily.
This could result in a proliferation of data and information that is
easily searchable."
b. "Computerization allows for storage of large amounts of data in a
very small physical medium."
c. "Computers provide for the possibility of "invisible theft"
stealing data without taking anything physical so that patients and
providers remain unaware that the data has been stolen, altered, or
abused."
d. "Computers allow for the possibility of "invisible" modification,
deletion, or addition of data."
e. "Computers create the potential for the easy linking of data that
were not intended to be collated."
f. "Computers allow a large number of people to handle or access data;
the potential vulnerability of the data to large-scale intrusion is
significantly increased in a computerized environment."
"PRIVACY, CONFIDENTIALITY AND SECURITY ISSUES"
http://www.dhs.vic.gov.au/ahs/archive/telemed/8.htm
a. "Currently, the majority of health care records in Australia exist
as discrete paper-based entities held at a variety of different
locations, resulting in a fragmented picture of individuals health
needs and health histories."
b. "Access to appropriate information at the time of care delivery is
central to good clinical decision making practitioners and consumers
need the right information at the right time."
c. "First, the consumer must provide consent for access to occur."
d. "Once a right of access is established the identity of the person
accessing the record needs to be authenticated to ensure that access
is only granted to approved parts of the record."
e. "What mechanisms should be used to control access to data?"
"Issues Paper: A National Approach to Electronic Health Records for
Australia"
http://www.gpcg.org/publications/docs/Ehrissue.doc
A study on the issues in Privacy and Confidentiality in Clinical Data
Management Systems is available in this link. Although it is not in
the Ausralian setting, I think it will be good background information
for your research.
"Privacy and Confidentiality in Clinical Data Management Systems: Why
You Should Guard the Safe"
http://www.netreach.net/%7Ewmanning/cdm.htm
In case you would need futher assistance as regards to this question,
just let me know through clarification.
Best Regards,
Easterangel-ga
|