With the My Health Record system expanding, it is time for health care providers to review and update their Privacy Policies. Necessary changes will likely include amendments to how personal information is collected, used and shared.
Notably many Privacy Policies claim they do not share information with any third parties, this may no longer be true if a patient’s information is being uploaded to the My Health Records system. Similarly claims that the provider only collects information from the patient directly, will not be accurate if the provider accesses information from the My Health Record system. Furthermore, the My Health Record Act defines ‘use’ to include accessing, viewing, modifying and deleting information. As such, representations regarding how you use patient’s information may need redefinition.
Privacy Policies relate to how businesses deal with personal information from all sources, not just that derived from their websites.
With the notifiable data breach scheme in full force, the last thing you want to do is rush to get compliant during a data breach event before you are required to notify the commissioner.
Get in early, get compliant and avoid the $420,000 maximum penalties.