What is: A Privacy Breach
A privacy breach occurs when someone accesses personal information without permission or handles personal information in a way that is inconsistent with the law.
Why is this important and what’s my role in this?
At Health we handle a great deal of personal information. This is information that identifies an individual and can include patient and staff information.
We have a duty to handle personal and confidential information respectfully, and in accordance with the law. We build the trust of the public by respecting privacy.
Inappropriate handling of personal and confidential information is a serious matter and can result in disciplinary action, dismissal and even referral to the police for prosecution under the Criminal Code.
How do privacy breaches occur?
A privacy breach occurs when we have not:
- handled information in accordance with the Information Privacy Act and National Privacy Principles
- met obligations under Part 7 of the Hospital and Health Boards Act around confidentiality and disclosure of patient information.
The most common type of privacy breach is when we have not secured information adequately and it is disclosed to the wrong people. Examples:
- A patient discharge summary being posted to the wrong address.
- An email containing HR information being sent to the incorrect recipient.
- Leaving a computer screen containing patient information unlocked when you step away from your desk.
- Audits revealing staff accessed electronic systems like ieMR or CIMHA without having a work-related reason.
What do I need to do?
In addition to keeping personal information secure, we have obligations to:
- make sure that the personal information we use is accurate and up to date
- notify people that we are collecting their information and for what purpose
- only use that information for the stated purpose unless an exception applies
- only collect personal information where we need it for our work functions.
For patient information we can only disclose it in accordance with the Hospital and Health Boards Act exceptions to confidentiality in Part 7. For example, where it is for the ongoing care or treatment of the patient, or where the patient has consented.
When privacy breaches at Metro North Health have occurred, they have been mostly well contained and managed. It is important to react quickly as soon as it becomes apparent that a breach has occurred. Breaches can harm individuals and damage our organisational reputation. Sometimes compensation is payable.
If a privacy breach is likely to result in harm to a person or organisation, then they may need to be notified of the breach; however, this is not always the case. Contact your local Privacy Officer for assistance.
You must notify the Metro North Health Ethical Standards Unit if you suspect a privacy breach was deliberate.
Training programs
Essential Contacts
MNHHS: Director, Health Information Policy Access and Coordination
Ph: (07) 3647 9753
Email: privacymetronorth@health.qld.gov.au
RBWH: Manager, Information Access Unit
Ph: (07) 3646 7423
Email: IAU-RBWH@health.qld.gov.au
TPCH: Director, Health Information Services
Ph: (07) 3139 4288
Email: IAU-TPCH@health.qld.gov.au
Caboolture-Kilcoy: Director, Health Information Services
Ph: (07) 5316 3943
Email: Cab-HIS-IAU@health.qld.gov.au
Redcliffe: Director, Health Information Services
Ph: (07) 3883 7029
Email: CIA-Redcliffe@health.qld.gov.au
STARS: Director, Health Information Services
Ph: (07) 3647 6009
Email: Megan.Wallace@health.qld.gov.au
Metro North Ethical Standards Unit
Phone: (07) 3646 1566
Email: mn-esu@health.qld.gov.au
Updated: June 2023