In the current COVID-19 pandemic environment, telehealth services have shifted from a ‘nice to have’ to a ‘must have’ for health service providers and patients. Within a few weeks, health services have seen the rapid implementation of telehealth platforms, including the move to cloud-based services to facilitate remote working arrangements.
Now that these platforms and systems are up and running, health service operators should take some time to review and consider whether the right privacy controls are in place to protect patients’ personal information.
We provide a few points for consideration below to assist:
It may be helpful for health service operators to conduct a privacy impact assessment in relation to the new platforms and systems being used for telehealth services and remote working arrangements in order to holistically assess and evaluate risks to personal information.
The Office of the Australian Information Commissioner has published following guidance: Assessing privacy risks in changed working environments: Privacy Impact Assessments and 10 steps to undertaking a privacy impact assessment.
As with health service operators, suppliers have been caught in a flurry of activity due to the accelerated uptake of telehealth platforms. While having robust information security controls is a crucial factor to ensure the security of individuals’ personal information, suppliers are of course aware that security cannot be completely guaranteed in an online environment.
As health service operators adjust to the use of telehealth platforms as part of their usual business operations, suppliers may use this time to review their existing internal privacy policies and procedures to ensure that they are prepared if the worst does come to pass.
Suppliers may consider the following points:
If the supplier is now handling a higher volume of sensitive information, then it is a good time to review its information security controls and its data breach response plan to ensure that these are appropriate in the present circumstances. If the supplier does not already have one in place, it should consider preparing and implementing a data breach response plan.
The Office of the Australian Information Commissioner has published the following guidance: Tips for good privacy practice and Data breach preparation and response.
Gadens is a supporter of Privacy Awareness Week 2020.
For details of all our COVID-19 tips and updates, visit the Gadens COVID-19 Hub.
Authored by:
Raisa Blanco, Associate