Keep your IT Safe Through Privacy Tracking and Reporting.
If you are involved in the health sector in Wellington, now is a good time to brush up on making sure your IT is safe and you are tracking and reporting in alignment with the Privacy code of 2020. Why? Let’s just say the hefty fine ($350k+) is best avoided. We wanted to reach out to let you know specifically who this impacts, and most importantly, we wanted to bring your attention to Rule Number 5. First things first…
Does this apply to you?
The Health Information Privacy Code applies to the health information about identifiable individuals and applies to:
all agencies providing personal or public health or disability services such as primary health organisations, district health boards, rest homes, supported accommodation, doctors, nurses, dentists, pharmacists and optometrists; and
some agencies that do not provide health services to individuals but which are part of the health sector such as ACC, the Ministry of Health, the Health Research Council, health insurers and professional disciplinary bodies.
Most importantly Rule Number 5.
If you are keen on reading the whole document, here is the link. There are, after all, 11 clauses to get your head around; however, after much consideration, we thought we would highlight number 5. Why? This particular rule covers the storage and security of health information.
Here is the full blurb verbatim; however, what is important to focus on is that you are liable for the protection of that information during processing, storage and destruction. You must track who accesses data and when. Lastly, you will need to have a designated complaint person(s) who must process a complaint within 10 working days.
Rule Number 5:
A health agency that holds health information must ensure that the information is protected, by such security safeguards as are reasonable in the circumstances to take, against—
loss;
access, use, modification, or disclosure that is not authorised by the agency; and
other misuse;
that, if it is necessary for the information to be given to a person in connection with the provision of a service to the health agency, including any storing, processing, or destruction of the information, everything reasonably within the power of the health agency is done to prevent unauthorised use or unauthorised disclosure of the information; and
that, where a document containing health information is not to be kept, the document is disposed of in a manner that preserves the privacy of the individual.
This rule applies to health information obtained before or after the commencement of this code. It applies to any organisation that has a contract with ACC, a district health board or the Ministry of Health, or that engages with customers with an NHI number.
It's not only about keeping the info secure and logging who accesses it, but it's also about removing information when it's no longer needed.
You must have a designated complaint person, with 10 working days to accept a complaint.
So, you still have a Lundia shelving system?
So, maybe you still have a Lundia shelving system, or cubbies A-Z with paper files. Unfortunately, this won't meet the legal standard for efficiently tracking who accessed a file and when. There is always room for error when you have staff wanting to “quickly access this or that file”. It is so much easier to have all your content up in the cloud where you know you can track it, keep it safe, and dispose of it efficiently. Yes, we have heard of bonfires of old records before! No joke!
Where to from here?
If you’re ready to make the move to more efficient, collaborative and secure document management, we can help get you started. You can pop us an email or give us a ring. We would be more than happy to walk you through the process in plain English!
GTB have considerable specialist expertise in providing the IT for health professionals and supporting them. We offer a complete package of services from deep MedTech (or Indici) expertise through help desk support, to internet and Health Care Home compliant phones.