May 21, 2019

May 20, 2019

Privacy Awareness Week (Health Information): Health Sector and the Notifiable Data Breach Scheme - 12 Months on

It’s been a little over a year since the notifiable data breach scheme was introduced in Australia. The Office of the Australian Information Commissioner (OAIC) issued its Notifiable Data Breaches Scheme 12-month Insights Report on 13 May 2019, detailing its insights from the scheme’s operation over the past 12 months. As regular readers would no doubt be aware, the health sector was one of the top industry sectors to report breaches in the first 12 months of the scheme’s operation.

Here’s the health sector at a glance:

  • Of the 964 eligible data breaches notified to the OAIC from 1 April 2018 to 31 March 2019, health information breaches accounted for 249 notifications (just over a quarter of all notifications). This is consistent with international trends which often show the health sector as a leading reporter of data breaches.
  • Human error was the leading cause of data breaches in the health sector, accounting for 55% of the breaches. This figure was higher than the average rate of data breaches due to human error in other industries (35%).
  • Human error in the health industry typically involved sending personal information to the wrong recipients via email and other forms of communication.

On their own, these figures seem to paint a grim picture for the health sector, which is the leading reporter of data breaches in Australia. However, there may be a silver lining for health organisations. As the Report identifies, the statistics arguably reflect the health sector’s preparedness to report data breaches. This potentially suggests a greater maturity and understanding of their obligations than other sectors that deal with less sensitive data, and could well be influenced by the more regulated nature of the sector, as well as the fact that the sector routinely deals with sensitive health information, which inherently carries a higher risk of causing serious harm if misused.

For more insights into health information and the scheme, check out our blog posts “My Health Records – to opt-in, or to opt-out? That is the question” and “Mandatory data breach reporting in 60 seconds”, or feel free to contact us for any assistance or information.

Rebecca Gill contributed to this post.

Copyright 2019 K & L Gates

About this Author

Cameron Abbott
Partner

Mr. Abbott is a corporate lawyer who focuses on technology, telecommunications and broadcasting transactions. He assists corporations and vendors in managing their technology requirements and contracts, particularly large outsourcing and technology procurement issues, including licensing terms for SAP and Oracle and major system integration transactions.

Mr. Abbott partners with his clients to ensure market-leading solutions are implemented into their businesses. He concentrates on managing and negotiating complex technology solutions, which...

+61.3.9640.4261
Senior Attorney

Ms. Aggromito is a senior lawyer in the Melbourne commercial technology and sourcing team focusing on IT, privacy and data protection.

+61.3.9205.2027