Sensitive information (which includes health information) is an important subset of personal information under the Australian Privacy Act and requires careful management. Health care providers may also have further information security obligations under the
- Personally Controlled Electronic Health Records Act 2012
- Healthcare Identifiers Act 2010.
Robust personal information management practices help ensure that legal and professional obligations are met, while also delivering operational efficiencies. These practices mitigate the risk of privacy breaches and the reputational and financial impact that follows from them.
The processes required to ensure good personal information management practices will vary with the organisation in question, but some of the key criteria to consider include:
- the nature of the organisation holding the personal information
- the amount and sensitivity of the personal information held
- the likely adverse consequences for an individual in the event of a breach
- the existing information handling practices of the organisation holding the information
- the time and cost required to implement additional security practices
In order to implement robust information security practices, we take an approach that considers the full “lifecycle” of personal information within practice systems: collection, use, storage, disclosure and disposal. This is the most reliable way of ensuring that personal information is adequately protected in line with the Australian Privacy Principles (APPs).
eHealth Information Security and Privacy Services (ISPS) offers a range of privacy consulting services to assist clients in achieving these robust information security practices:
- Privacy Gaps Assessments
- Privacy Impact Assessments
- Information Security Assessment
- Policy Review and Development
- Compliance Implementation
- Internal practices, procedures and systems
- Contracted services
- Information Security Program Design
- Incident Response Plan
- Training and Support
- Stand-In Privacy Officer
- Privacy Compliance Training
Our methodologies, technical approach and tools are based on relevant international, governmental and industry standards, including:
- ISO/IEC 29100:2011 Information technology – Security techniques – Privacy framework
- Australian Privacy Act (and where applicable relevant State legislation)
- Office of the Australian Privacy Commissioner’s guidelines
We ensure that all solutions delivered comply with the relevant legislative and regulatory requirements, and are aligned with industry standards. We also take into account your organisational priorities, including cost and value measures.
The importance of well-managed personal information extends beyond just legislative and legal compliance.
Mismanaged personal information can cause financial or reputational loss to customers, leading in turn to a loss of trust and harm to your business reputation. A significant breach may result in lost customers, lost business partners and, correspondingly, lost revenue.
In addition, the loss or alteration of personal information can have a serious impact on your ability to operate your business as usual.
We recommend that you mitigate these risks by implementing robust information security management practices.
CONTACT US TODAY and see how we can help you.
© 2018 eHealth Information Security and Privacy Services (ISPS)