That makes the latest report from sa国际传媒鈥檚 privacy commissioner something that has to be addressed. Privacy commissioner Elizabeth Denham says health authorities report only about one per cent of the privacy breaches that occur.
Our health records include some of our most deeply personal information, information that in the wrong hands could affect relationships and employment. When we talk to doctors and other health professionals, we open up about things that sometimes we don鈥檛 even tell our loved ones.
It doesn鈥檛 take much imagination to know the harm that could come from a leak of information about cancer treatment, mental illness, cognitive impairment or communicable diseases.
We know that many people in health professions have access to computerized records, and Denham estimates that 3,000 breaches occur every year across all sa国际传媒鈥檚 health authorities. Yet her office has been notified of only 200 over the past 10 years.
The breaches included misdirected faxes or other communication, data that were stolen or lost, data left unencrypted, staff who were snooping in the records and intentional disclosure of information on social media. That last one is possibly the most frightening because it is potentially devastating.
The privacy commissioner believes that a law requiring mandatory reporting of breaches is needed to make sure everyone knows their obligations.
The government is considering such a law, and Technology Minister Amrik Virk says a committee that is reviewing the Freedom of Information and Protection of Privacy Act will discuss it.
鈥淚 believe that reporting is done forthwith as soon as practical,鈥 he said. But if Denham鈥檚 estimates of the number of unreported cases are correct, in too many instances 鈥渁s soon as practical鈥 appears to be 鈥渘ever.鈥
Denham says that reporting breaches to her office ensures effective oversight and 鈥渋ncreases public trust and confidence that the government is appropriately managing and safeguarding personal information.鈥
Denham鈥檚 report includes 13 recommendations. They include ensuring adequate staff and resources to protect privacy, full documentation of all breaches, regular audits of safeguards, prompt notification of people whose information was involved, quick reporting of breaches to the privacy commissioner鈥檚 office, training for staff and requirements for staff to sign confidentiality agreements.
All those steps will help prevent breaches and ensure that when they happen, the correct steps are taken and the commissioner is informed.
We shouldn鈥檛 underestimate the difficulty of tackling this problem. Health authorities and other government agencies store enormous amounts of information about us, and they need it to provide us with the services we expect.
Providing service means workers need access to that information, so the potential for accidental or intentional breaches is enormous. Detecting and managing breaches is no small task.
Denham鈥檚 recommendations give government and health authorities some strategies to deal with the problem. Success requires creating a culture where protecting patients鈥 privacy is seen as an important part of everyone鈥檚 job.
All those who work in health care safeguard the health of patients. They must be equally diligent about safeguarding those patients鈥 sensitive information.
