The Notifiable Data Breach (NDB) scheme came into effect in February 2018 and applies to all agencies and organisations with existing personal information security obligations under the Privacy Act. These obligations extend to general practices.
This education activity is designed assist GPs and general practice teams in their understanding of the NDB scheme and their obligations for assessing and responding to potential data breaches in their practice.
These webinars are presented as part of the monthly RACGP eHealth Webinar Series. All webinars are free of charge.
Register at: https://www.racgp.org.au/running-a-practice/technology/workplace-technologies/racgp-ehealth-webinar-series
Relevance to General Practice
General practices hold a significant amount of identifying personal information of patients. This information may be vulnerable to intended unauthorised access (eg hackers) or unintended unauthorised access or disclosure (eg staff member sending personal patient information to an incorrect recipient).
Healthcare providers featured as the top industry sector for reported data breaches in the Office of the Australian Information Commissioner (OAIC) quarterly report (1 October – 31 December 2018).
It is important that general practices develop robust policies and procedures when it comes to the storage and handling of personal patient information; and also know their responsibilities when it comes to assessing and responding to potential data breaches.
- Describe what constitutes a notifiable data breach
- Identify scenarios in which a notifiable data breach has occurred
- Summarise what actions are required if a notifiable data breach occurs
- Articulate the difference between a notifiable data breach under the scheme and a data breach relating to My Health Record
- Discuss how the NDB Scheme applies to general practice
Domains of General Practice
D1. Communication skills and the patient-doctor relationship
D2. Applied professional knowledge and skills
D3. Population health and the context of general practice
D4. Professional and ethical role
D5. Organisational and legal dimensions
Curriculum Contextual Units
This activity is also available on these dates