
One of the areas of administration ripe for review and development is the role of Privacy Officer / Privacy Co-ordinator. Privacy monitoring needs to include data privacy (storage, access, etc.), which is in itself a complex topic.

Traditionally privacy has related to clinical documents in hard-copy form, and auditory and physical privacy, but now digital security is an additional and complex area of risk mitigation and monitoring. The education or skill set required to undertake this role also may need enhancing to meet modern methods of record keeping.

What does good look like? Is adequate ever really adequate?? 

Health information is the data most sought after by hackers, for potential identity theft etc. You wouldn’t leave your house in the morning with the doors and windows wide open for easy access by anyone! Have the users of your systems been given the relevant and appropriate permissions, so that they can access only the data they have a legal right to access? Have passwords been exposed to unauthorized users? Have access codes been deactivated for those on leave or those who no longer work for your organization?

Did you log out? Why would you leave your digital device accessible to others while you’ve left it logged in? Anything entered by someone following on, legitimately or not, could be recorded under your login, making you responsible for their notation.

Are your team members using AI to develop care plans? We are aware this is becoming common practice. I can’t help but wonder what private resident information may have been entered into an open source AI to get the person-centered care plan written by AI? Have residents been made aware of and consented to your storage of their data in digital systems?

Are your team writing the progress notes for their shift after they’ve gone home, saying they didn’t have time to do it at work? Have you instigated Multi-factor Authentication for added security?

We suggest developing the security / privacy role to look at where data is stored, who has access to it, and whether it is held within the organisation’s own tenancy (ring-fenced for their eyes only) or travels out of where it is stored, onto third-party systems. Have you updated your education on meeting your Privacy Act and Health Information Privacy Code 2020 requirements? What are your internal audits showing? What is being reported to your clinical governance and management teams with regard to meeting your obligations to those associated with your service?

A few things to think about before you’re the subject of a privacy related complaint…