Tag: Health information


Privacy Professionals download COVIDSafe App

By Cameron Abbott, Warwick Andersen, Rob Pulham, Michelle Aggromito and Allison Wallace

A number of legal professionals, with significant experience in the field of privacy law, have signed an open letter to encourage individuals to download the Commonwealth Government’s COVIDSafe App.

Among the privacy lawyers are members of K&L Gates' own Australian privacy team (and the authors of this blog post): Cameron Abbott, Rob Pulham, Warwick Andersen, Michelle Aggromito and Allison Wallace.

The open letter is signed by members in their personal capacity, and signals that people who care about privacy a lot can still think that supporting the health and economic objectives of the App is more important at this time.

As at the date of this post, more than 5 million people have downloaded the App, with more needed to reach the Commonwealth Government’s target of 40% of the Australian population.

Privacy in the time of COVID-19

By Cameron Abbott, Rob Pulham, Michelle Aggromito and Rebecca Gill

Nothing can stop us from talking about privacy, including a pandemic! Yesterday, the Office of the Australian Information Commissioner (OAIC) issued guidance on the collection, use and disclosure of personal information during the COVID-19 pandemic (Guidance). 

It mainly serves as a reminder to organisations that even in these pressing times, they must comply with the Australian privacy regime. However, it also highlights what organisations can collect and do with personal information for the purposes of preventing and managing the spread of COVID-19.


Privacy Awareness Week (Health Information): Health sector and the notifiable data breach scheme – 12 months on

By Cameron Abbott, Rob Pulham, Michelle Aggromito and Rebecca Gill

It’s been a little over a year since the notifiable data breach scheme was introduced in Australia. The Office of the Australian Information Commissioner (OAIC) issued its Notifiable Data Breaches Scheme 12-month Insights Report on 13 May 2019, detailing its insights to come out of the scheme’s operation over the past 12 months. As regular readers would no doubt be aware, the health sector was one of the top industry sectors to report breaches in the first 12 months of the scheme’s operation.


De-identification of Data and Privacy

By Cameron Abbott, Keely O’Dowd, Giles Whittaker and Harry Crawford

As promised in a previous blog post, K&L Gates have performed an in-depth analysis of the risks of relying on de-identification of data to protect privacy, in the wake of researchers successfully re-identifying de-identified medical data that was released by the Australian Department of Health in 2016.

Read the article on the K&L Gates HUB here.

The co-existence of open data and privacy in a digital world

By Cameron Abbott, Keely O’Dowd and Giles Whittaker

Earlier this week researchers from the University of Melbourne released a report on the successful re-identification of Australian patient medical data that formed part of a de-identified open dataset.

In September 2016, the researchers were able to re-identify the longitudinal medical billing records of 10% of Australians, which equates to about 2.9 million people. The report outlines the techniques the researchers used to re-identify the data and the ease with which this can be done with the right know-how and skill set (i.e. someone with an undergraduate computing degree could re-identify the data).

At first glance, the report exposes the poor handling of the dataset by the Department of Health. This brings into focus the need for adequate contractual obligations regarding use and handling of personal information, and the need to ensure adequate liability protections are addressed even where the party’s intentions are for all personal information to be de-identified. The commercial risk with de-identified data has been shown to be the equivalent of a dormant volcano.


Malware attacks a Melbourne hospital’s outdated IT system

By Cameron Abbott and Meg Aitken

Don’t say we (and Microsoft) didn’t warn you: a prominent Melbourne hospital’s IT system, which runs on an outdated and unsupported Windows operating system, Microsoft XP, was hacked last week.

Microsoft recently activated the end-of-life phase for Windows 8, 9 and 10 and encouraged users to transition to the company’s supported operating systems in order to prevent security incidents. The same process was undertaken for Microsoft XP in 2014; however, the hospital continued to use the platform in some departments.

The pathology department was the primary victim of the attack, and staff were reportedly forced to manually process blood, tissue and urine samples while the electronic system was compromised. Fortunately, highly sensitive patient information is not believed to have been accessed by the hackers.

It has been reported that the hospital is now expediting plans to upgrade its IT systems.

Access the media release here.

Copyright © 2019, K&L Gates LLP. All Rights Reserved.