Last month, medical files were allegedly stolen from a Melbourne GP clinic and dumped in a park, exposing people’s most intimate personal medical history.
The medical practice acknowledged that the breach happened while the staff were preparing to move the practice to a new location and the files were waiting to be picked up for destruction, but for those patients with their medical details exposed, is this enough of an excuse?
Victoria’s Acting Health Services Commissioner Dorota Siarkiewicz said of the breach, “health services are obliged to comply with the Health Records Act 2001 which details how records must be securely managed. Anybody who fails to comply can be issued with a compliance notice. If this notice is breached, they can be charged with a criminal offence.”
Good medical record keeping is not only a very important aspect of managing a medical practice or hospital records department, but is also integral to ensuring compliance with the various state and federal governance requirements relating to the storage, management and retrieval of medical records.
Currently, there are around 80 Acts at both the State and Federal level which regulate document retention and destruction. The various regimes are not codified; some are industry-specific and some are catch-all legislation.
Privacy has become a top priority for organisations all over the globe as new and expanding compliance regulations push for improved consumer data protection.
Legislation and compliance in the healthcare sector have always been strict; however, this legislation is only becoming stricter, and safe record storage and destruction requirements are becoming increasingly stringent.
The responsibility is on Australian medical practices to remain on top of legislation. Unfortunately, claiming ignorance of specific legislative or privacy practices is not enough.
While common sense dictates that medical businesses that hold health information must take reasonable steps to protect it, this doesn’t help medical businesses to be compliant across the myriad of state- and national-based compliance rules.
Ignorance is no excuse.
To ensure an overall commitment to document storage, businesses need to take steps to ensure every person across the business understands the importance of data retention and document storage. Any discrepancy can create inconsistent results in how your information is stored. Training all of your staff comprehensively can alleviate any issues you have with holes in the systematic procedure.
After all, staying compliant will ensure that all records are properly maintained, according to industry standards, whilst at the same time decreasing the chances of a security breach, expensive court cases and reputational damage.