Speak Out Feb 2020 DIGITAL EDITION. pdf

Special feature

Understanding your legal and ethical obligations PRIVACY

PRIVACY Support to ensure you meet your obligations

The Privacy Act 1988 (Privacy Act) requires you to be proactive in establishing, implementing and maintaining privacy processes in your practice. At the start of a new year, it is a timely opportunity to re-visit and review your privacy practices, procedures and systems to ensure continued effectiveness and to ensure you meet these requirements. To make managing privacy easier, the key practical steps you should take are: • Develop and implement a privacy management plan. • Develop clear lines of accountability for privacy management. • Create a documented record of the types of personal information you handle. • Understand your privacy obligations and implement processes to meet those obligations. • Hold staff training sessions on privacy obligations; this will help you embed a culture of privacy in everyone who works with you. • Create a privacy policy. • Protect the information you hold. • Develop a data breach response plan – this is the most prudent way to manage risks around privacy and data breaches. It also helps you demonstrate your obligations under the Privacy Act that everyone in your practice has taken reasonable steps to protect the personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. A plan also gives you guidance on how to manage a data breach and assists in minimising the consequences of a breach to the organisation and affected individuals. There are many resources available to support you to meet your obligations.

The Office of the Australian Information Commissioner (OAIC) has a wealth of information on their website. Below are several links and their poster outlines the above steps in more detail. Guide to health privacy includes information about: Key concepts when handling health information; Steps to embedding privacy in your practice; How to collect health information; Disclosing and giving access to health information and Disclosing information about patients with impaired capacity. Privacy in your state – privacy laws that apply in your state and territory. Privacy Action Plan – link to PDF of poster and more details about developing an action plan. See next page. OAIC’s You Tube channel – includes a free webinar about the Notifiable Data Breaches Scheme. Speech Pathology Australia has developed the following resources Private practice Privacy Guide and Privacy Guide templates Cloud based storage and privacy Data breach and privacy – information about data breach and links to developing a plan for your practice. Health records-retention requirements for speech pathologists If you have questions about privacy and data breach contact national office or the OAIC directly. Nichola Harris Manager Professional Practice

29

February 2020 www.speechpathologyaustralia.org.au

Speak Out