Health information can be even more attractive to cyber criminals than financial details
Information privacy and security are essential for Australian dental practices to maintain high standards of patient trust. Dental practices handle sensitive patient data including medical history, personal identification, and financial information. Unapproved access, misuse, or loss of such data could lead to legal, ethical, and financial consequences. By prioritising information privacy and security, we can protect patient confidentiality, reduce the risk of data breaches, and enhance our reputation for ethical and professional practice.
Dental practices have legal obligations under the Privacy Act 1988 to protect patient information. The Act regulates the collection, use, and disclosure of personal information and establishes the Australian Privacy Principles. Dental practices are required to comply with the principles and implement measures to prevent unauthorised access, modification, or disclosure of patient information. Failure to comply with the Act may result in substantial fines, legal liability, and loss of patient trust. By implementing effective measures, dental practices help ensure compliance with the Act and safeguard the privacy and confidentiality of patient information.
Managing risk
Practices’ risk management planning should deal with information privacy and security to mitigate the risks associated with handling sensitive patient information. Such a plan can help practices identify potential vulnerabilities in information management systems and implement strategies to prevent or manage data breaches, cyber-attacks, or other security incidents.
By having a risk management plan in place, practices can protect the confidentiality and privacy of patient information, minimise the risk of legal liability, and maintain patient trust. A risk management plan can also help practices comply with the legal obligations under the Act.
Developing a risk management plan requires a tailored approach that considers the unique needs of each dental practice. You can start by identifying potential data risks, such as data breaches, cyber-attacks, or other security incidents, and conduct a risk assessment to determine the likelihood, and consequence, of each risk. Based on the assessment, you can outline appropriate strategies to mitigate or manage each risk. Strategies may include implementing data encryption, access controls, and staff training programs. Plans should be routinely reviewed to ensure currency.
Resources
The ADA has developed the following resources specifically to assist members with risk management planning and response:
This resource outlines the types of data and information risks that could impact your dental practice and suggests ways to reduce or prevent these risks altogether.
This checklist can be used to develop and implement a Dental Practice Data and Information Management Plan.
This resource provides guidance for members to respond to known or suspected data breaches; including whether a particular data breach must be reported to the OAIC.
Getting started
The following resources are designed for healthcare providers and their teams on the fundamentals of cyber security and are of an introductory nature.
Our cyber security team works with the healthcare sector to help identify ways to keep digital health assets protected and secure.
This document provides general security awareness information
and is not intended to be comprehensive.
Please note: To access this course requires a login.
Enhancing security
The resources below are designed to further assist you in securing your systems and identifying potential threats.
This document provides guidance for healthcare organisations, to assist with reducing the risk that human
behaviours can lead to a security incident.
An organisation should ensure that cyber security awareness training is provided to all personnel in order to assist them in understanding their security responsibilities.
Your healthcare business or practice has access to valuable digital
information entrusted to you by healthcare consumers, suppliers and
employees.
In this interview Dr Brett Taylor speaks with IT security expert, Robert Laurie, about the importance of preparing for a malware attack.
This document has been prepared for senior managers in the health sector to help increase understanding and
facilitate better management of the risks posed by ransomware.
Since the start of the COVID-19 pandemic, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has seen an increase in reports related to COVID-19 themed scams, online frauds and phishing campaigns.
Ransomware is a common and dangerous type of malware. It works by locking up or encrypting your files so you can no longer access them.
Multifactor authentication
Multi-factor authentication (MFA) is a critical security measure that enhances the protection of digital accounts and sensitive information. It goes beyond passwords by requiring users to provide multiple forms of verification, such as something they know, something they have, and something they are. MFA significantly reduces the risk of unauthorised access and strengthens cybersecurity by adding layers of defence against threats and breaches.
Multi-factor authentication (MFA) is when you use two or more different types of actions to verify your identity, and you may already be using MFA.
Selecting IT products and services
The resources listed below can help you choose secure IT products and services, and to prepare for potential emergencies.
This document has been designed as a companion to the Information Security Guide for Small Healthcare
Businesses
Managing cloud-based services
Australian healthcare providers must comply with Australian privacy laws, and it is advisable to choose a cloud service provider (CSP) that stores data within Australia to ensure consistency of legal protections and cooperation with local authorities. The Privacy Act 1988 applies to private healthcare providers and government entities and imposes specific conditions for overseas data disclosure. When considering a CSP outside Australia, it is crucial to confirm compliance with Australian Privacy Principles, including safeguarding data against various risks. Healthcare providers should work with their chosen CSP to configure security measures in line with relevant legislation, prioritising data protection and privacy.
This guide is for healthcare organisations to assist in assessing whether engaging a cloud service provider
(CSP) is appropriate for identified business need
This document has been prepared for small to medium healthcare providers. It outlines some of the ways
backing up your data can protect your practice.
Teledentistry
Practitioners who use teledentistry services must ensure the privacy and security of online consultations. The following resources guide how to use online conferencing technologies securely. They provide tips and best practices for ensuring the privacy and security of online meetings, such as using secure passwords, enabling waiting rooms, authentication settings, end-to-end encryption, and limiting access to meetings.
In certain circumstances where a patient is seeking care from a dentist but is unable to attend a dental clinic in person, it may be necessary to conduct a consultation by audio or through a videoconferencing platform such as Microsoft Teams, Skype, Google Meet or Zoom.
This guide is intended to assist healthcare organisations assess their online conferencing technology solutions. The guidance
is general and relates to Information Technology (IT) security.
Social media
These guidelines are designed to assist dentists in understanding and meeting their obligations when using social media. They provide information on how to use social media responsibly, including maintaining professional boundaries, respecting patient privacy and confidentiality, and avoiding sharing false or misleading information.
This guidance is to help registered health practitioners understand and meet their obligations when using social media.
Social media is very much part of our lives, both private and professional. What does this mean for professionalism in dentistry?
ADA CPD
This resource summarises the CPD items produced by the ADA relating to data privacy and information security.
Cybersecurity is becoming more of a concern for business owners as the frequency and impact of these attacks increase every year.
In the second webinar on cybersecurity the definition of who an insider is, and what threats they can pose, such as unauthorised disclosure of information will be explored.
Modern life requires us all to have login credentials (including passwords) to conduct our day-to-day activities and professional duties.
10 Mar 2020
In this interview Dr Brett Taylor speaks with IT security expert, Robert Laurie, about the importance of preparing for a malware attack.
31 Aug 2018
Jesse Flyntoff, from IT My Way, provides valuable insider knowledge on how to optimise the security and efficiency of your practice IT systems.
29 Jan 2018
This presentation will outline ways in which dental practices can comply with their privacy obligations.
17 Oct 2017
Social media is very much part of our lives, both private and professional. What does this mean for professionalism in dentistry?
10 Dec 2015
When it comes to the issue of privacy in our digitally connected world, it is easy to come to the conclusion that it simply no longer exists.
20 Aug 201
Dental practitioners have a professional and legal responsibility to keep patient information confidential.
Office of the Australian Information Commissioner
The OAIC provides guidance to help navigate obligations related to information and privacy.
This ‘Guide to Securing Personal Information’ (Guide) provides guidance on the reasonable steps entities are required to take under the Privacy Act 1988.
ADHA podcasts
The ADHA offers a podcast series that provides the latest information on digital health.
Listen to podcast series providing you with the latest information on digital health from experts in their field.
Small business cybersecurity guide
The Australian Cyber Security Centre has a guide to help small businesses protect themselves from cyber threats.
For a small business, even a minor cyber security incident can have devastating impacts.
Privacy
Click here for ADA designed resources and templates to assist in developing your privacy policy.
Social Sharing
Share this via
Or copy link