Keep your IT Safe Through Privacy Tracking and Reporting.
If you are involved in the health sector and based in Wairarapa/Wellington, now is a good time to brush up on making sure your IT is safe and that you are tracking and reporting in alignment with the Privacy Code of 2020. Why? Let’s just say the hefty fine ($350k+) is best avoided. We wanted to reach out to let you know specifically who this impacts, and most importantly, we wanted to bring your attention to Rule Number 5. First things first…
Does this apply to you?
The Health Information Privacy Code applies to the health information about identifiable individuals and applies to:
- all agencies providing personal or public health or disability services such as primary health organisations, district health boards, rest homes, supported accommodation, doctors, nurses, dentists, pharmacists and optometrists; and
- some agencies that do not provide health services to individuals but which are part of the health sector such as ACC, the Ministry of Health, the Health Research Council, health insurers and professional disciplinary bodies.
Most importantly Rule Number 5.
If you are keen on reading the whole document, here is the link. There are, after all, 11 clauses to get your head around; however, after much consideration, we thought we would highlight number 5. Why? This particular rule discusses the storage and security of health information.
Here is the full blurb verbatim. What is important to focus on is that you are liable for the protection of that information during processing, storage and destruction. You must track who accesses data and when. Lastly, you will need to have a designated complaint person(s) who must process a complaint within 10 working days.
Rule Number 5:
- A health agency that holds health information must ensure that the information is protected, by such security safeguards as are reasonable in the circumstances to take, against—
  - access, use, modification, or disclosure that is not authorised by the agency; and
  - other misuse;
- that, if it is necessary for the information to be given to a person in connection with the provision of a service to the health agency, including any storing, processing, or destruction of the information, everything reasonably within the power of the health agency is done to prevent unauthorised use or unauthorised disclosure of the information; and
- that, where a document containing health information is not to be kept, the document is disposed of in a manner that preserves the privacy of the individual.
- This rule applies to health information obtained before or after the commencement of this code. It applies to any organisation that has a contract with ACC/district health board or the Ministry of Health or engages with customers with an NHI number.
- It’s not only about keeping the info secure and logging who accesses it; it’s also about removing information when it’s no longer needed.
- You must have a designated complaint person, who has 10 working days to accept a complaint.
So, you still have a Lundia Shelving System?
So, maybe you still have a Lundia shelving system, or cubbies A-Z with paper files. Unfortunately, this won’t meet the legal standard for efficiently tracking who accessed a file and when. There is always room for error when you have staff wanting to “quickly access this or that file”. It is so much easier to have all your content up in the cloud where you know you can track it, keep it safe, and dispose of it efficiently. Yes, we have heard of bonfires of old records before! No joke!
The SharePoint Solution
The good news is that it’s not as hard as you think to move your files to the cloud. Microsoft Office 365 and SharePoint are magical when it comes to this process. Apart from the key purpose of introducing better security and tracking measures, SharePoint offers the ability to decrease duplicated files while still capturing version history, to access files safely from any location (a must for remote work), and to collaborate on documents at the same time. You can tailor your SharePoint solution with access architecture and permissions. Not bad, right? If you would like to read a little more about these neat features just click here.