electronic patient health information - australian privacy laws
TRANSCRIPT
EMAILING PATIENT INFO
What All Health Professionals Must Know About How The Privacy Act Affects Electronic Health Correspondence
A Publication of Mediref
Reading time: Approx 10 minsImportance rating: High
Available to share/re-download at any time at: vip.mediref.com.au/privacy
IntroductionPatient correspondence is increasingly becoming electronic. The speed, cost and reliability benefits make it extremely convenient.
We have researched the Privacy Act, and information from different government bodies, to give you a summary on what guidelines are to be used when sending patient information via electronic channels.
Our goals:
1. Simplify privacy laws relating to electronic communication so that you can make your own informed decisions when sending patient information.
2. Examine the use of email in healthcare - Its popularity, its appropriateness, security risks and how to control them.
3. Mediref - Our solution to maintaining ease of use without compromising security.
Disclaimer - We built Mediref for patient correspondence and have an interest in practitioners considering it as an alternative to email. We have clearly marked the section on Mediref if you wish to limit your reading to just the privacy laws and email sections. 2
Table of Contents
1. Privacy Act _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 4Key points on how it relates to electronic communication
2. Email _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 11How does its use comply (or not comply) with legislation
3. Mediref _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _20An alternative for sending patient health information
4. How to make email safe _ _ _ _ _ _ _ _ _ _ _ _ _ _32How to use email to be compliant with privacy laws
3
CHAPTER ONE
Privacy Act
4
The Privacy Act and APP’s
The original Privacy Act written in 1988 naturally contains little information specific to electronic transmission of patient correspondence. It has therefore been updated with APP’s (Australian Privacy Principles) that are published by the Office of the Australian Information Commissioner.
There are 3 key messages we can take from these sources.
5
“Sensitive information is a type of personal information and
includes information about health information.”- Source - The Office of the Australian Information Commissioner (linked here)
The first key point is something we are all familiar with and it cannot be overstated. Health information is sensitive and needs to be treated securely and thoughtfully.
Key Point 1
6
“The Privacy Act requires entities to take ‘reasonable
steps’ to protect the personal information that they hold.”Source - The Office of the Australian Information Commissioner (link to PDF about ‘reasonable steps’)
Secondly, we (health professionals) are required to take ‘reasonable steps’ when handling such sensitive information. This includes storage and transmission.
Key Point 2
7
“Ensure information is transferred securely (for example,
not transmitting health information via non-secure e-
mail)”Source - The Office of the Australian Information Commissioner (link here’)
Lastly, plain text email* is explicitly considered not reasonable. If email is to be used, encryption is a minimal requirement (more detail on email encryption to follow).
*All email is plain text by default, unless you have taken specific steps to add encryption.
Key Point 3
8
So, how do we treat patient information reasonably?
Key points:
● Restrict access using, for example: passwords, security tokens, biometrics (one or more of the three)
● Use encryption● Back up sensitive information frequently● Have measures in place for data breaches● Use email validation and authentication systems to ensure
your firewall is not bypassed
Source: This PDF from the OAIC covers this in full detail and, if you have the time, we highly recommend reading it. Software specific section starts on page 19.
‘Reasonable Steps’
9
NEHTA GuidelinesNEHTA (National Electronic Health Transition Authority) is a body created specifically for electronic health. There are some specific rules that they have put in place with regards to sharing patient information online. The information should
1. Contain the relevant patient identifying details.2. Contain the relevant practitioner identifying details.3. Be digitally signed, and encrypted.4. Have accessibility restricted to persons of relevance.5. Be stored on Australian Territory.
Source: NEHTA (linked)
10
CHAPTER TWO
11
E-mail PopularityEmail is the most popular means by which electronic health information is currently exchanged. There are some clear benefits to it:
1. Universal - Everybody has one.2. Free - Paid email clients or specialised encryption/security
software aside, email offers excellent value.3. Easy to use - Even for the baby boomers!4. Quick - Delivered within seconds.5. Attachments - Medical correspondence is often clearer
with images and other attachments, and discounting size limitations, email allows this.
12
E-mail Security IssuesIn spite of its convenience, there is little doubt that email’s popularity within the medical sector is largely due to its popularity overall i.e. - Everybody has an email address so it is convenient to use it as your primary form of communication.
Once you relate the attributes of standard email to the Privacy Act (chapter 1), it does not conform on many accounts, and leaves practitioners on no man’s land.
13
“Indeed, a person has no legitimate expectation of
privacy in information he voluntarily turns over to third
parties”Source - Quote from Google regarding their own services!
An email travel vast distances (often around the globe) before getting to its recipient. Multiple servers and access points in this journey potentially have access to that email and have the capacity to treat it as per their terms and conditions, often violating the confidentiality of the contents within.
We are also required to keep all sensitive data within Australia, which does not happen if the email provider or either the sender or the recipient is not Australian (e.g. Gmail/Hotmail).
Email Security 1: Privacy
14
To compound the issue of privacy, emails tend to duplicate themselves. A copy is made of each email that is sent out and back and forth replies each contain the entire history of the preceding conversation.
Multiple copies like this means you have virtually zero control over the contents of that email once the send button has been pressed.
Email Security 2: No control
15
Heard of phishing scams?
Defined as “attempts to acquire sensitive information by masquerading as a trustworthy entity in an electronic communication”. In the case of email, malicious links are commonly sent by seemingly trusted acquaintances.
You cannot be certain who an email is from and that lack of authenticity and accountability makes it unsuitable for sensitive information.
Email Security 3: Authenticity
The infamous Acai berry phishing scam
16
Closely related to authentication is validation via signatures. This enables the recipient to be certain about the senders identity.
Correspondence must be signed as per NEHTA’s guidelines.
While digital signatures can be incorporated into email, the process can be cumbersome and is ignored the majority of the time.
Note that digital signatures (a secure means of verifying sender identity) are different from encryption (a secure means to prevent those with unauthorised access to your email, from reading the contents).
Email Security 4: Verification
17
We’ve mentioned encryption several times already, but what is it?
Simply put, encrypted data is ‘scrambled’ so that anybody who does not have the decryption key to unscramble it (e.g. parties with unauthorised access to an email), cannot see or make use of it.
A diagram on the next page explains the process in a simple manner with an example to further illustrate how the process works.
Email Security 5: Encryption
18
Example scenario: Sam wants to send an encrypted email to Jane.
Step 1 - Both must agree on which encryption method to use and implement it. Note - You cannot send an encrypted email to just any email address.
Step 2 - Each party will generate a private and a public key.
Step 3 - Sam will encrypt the message using Jane’s public key. She will be able to decrypt the message with her private key, without which the message will not be accessible to anyone.
Step by step instructions on email encryption in appendix at the end.
Diagram Source 19
CHAPTER THREE
Mediref
20
All Mediref specific slides have this logo at the bottom. Skip to chapter 4 if your interest is only on the Privacy Act and emailing patient information
On MedirefAfter studying email and other software, there are 3 major categories we focused on to create a killer patient correspondence system:
1. Ease of use - It should be intuitive without having to resort to instruction manuals
2. Security - So that it complies with all privacy laws
3. Versatility - Correspondence must not be limited to those on the same system
21
Mediref: Ease Of UseNew technology will only be used if it is intuitive. We recognise that and have made Mediref easier to use and more convenient than email.
How?● Integrating a smart directory● Providing standardised organisation● Automated tracking of referrals● Tailor made for multiple practitioners
22
Smart Directory● Address correspondence using
just your recipient’s name● Directory has thousands of
practitioners and practices and grows everyday
● Includes practitioners not on Mediref (you can still use Mediref to securely communicate with them!)
● No need to look up fax numbers, email addresses or postal addresses.
SEE EXAMPLE
23
Effortless Organisation
Patient details frozen onupper lefthand corner
All practitioners listed in a single column
Entire history of attachments visible at a single click
All updates to the case in an easily followed, chronological order
Easily add your own updates
Easily import threads to your patient management system
A standard format means all important information is visible at a glance
24
Tracking CorrespondenceHas your patient followed instructions? Did they book an appointment
with the specialist?
● Referring practitioners - No need to guess anymore● Specialists - No need to send back unbooked referrals every
few months● Urgent cases can easily be followed up as needed
Unbooked Patients
Booked Patients
Mediref’s dashboard keeps the status of all correspondence updated automatically for all practitioners
25
Multiple PractitionersPatient management is becoming increasingly collaborative. Clear communication is integral to avoiding fragmentation of care and information.
● Each patient case has only one copy, which is updated and visible to all practitioners
● Extra practitioners can be added at anytime○ Full history (including attachments)
becomes available to them in an organised format
● Almost zero chance of anyone missing an update
Collaborate easily with multiple colleagues.
Add practitioners to a case with one click.
26
SecurityWe designed Mediref with security in mind from the start. Everything is in line with the Privacy Act, the APPs and NEHTA’s guidelines.
Privacy & Control:● All data is stored within Australia● Mediref does not make or distribute multiple copies of
sensitive information, providing excellent control:○ Authority (with patient consent) to share access to a
case with other relevant practitioners○ All practitioners with access organised in an easily
visible list
27
SecurityAuthenticity & Verification:● Mediref users are verified Australian health practitioners
and practices - nobody else is allowed access to the system
● All correspondence is accompanied with a digital signature by way of a PIN number
Automatic Encryption:● Access to Mediref is only possible via encrypted channels.
This is automatically put in place by us and the end-user does not have to do anything (software installation/manual encryption, public/private key generation etc)
28
Versatility
Not everyone is on Mediref (yet!). It is important to enable easy and secure communication channels with those outside of Mediref.
1. Send messages to outside Mediref
2. Receive messages from outside Mediref
Communicate with practitioners outside of Mediref
29
Versatility● If recipient is not on Mediref, message will be
delivered by fax or a secure email token● Secure email token:
○ Recipient will receive a secret link plus a password
○ Combination of the two will give only the recipient access to the correspondence
○ No sensitive information transmitted within the email
○ All health information kept within Australian encrypted servers
● Input of fax/email a one time thing - after verification, recipient will become a part of our extensive directory to enable recipient selection using just their name
1. Send messages outside of Mediref
30
Versatility
● The easiest way is to embed Mediref within your website. This will enable other health practitioners to send correspondence directly into your Mediref portal:○ All senders are verified by Mediref (so you don’t get spam)○ You keep all your correspondence organised within Mediref
● For practices and practitioners without a website, Mediref also has public profile pages:○ Showcase your expertise○ Receive correspondence from non-Mediref users
Want an example of Mediref embedded in a site? Click below.
2. Receive messages from outside Mediref
TRY NOW
31
CHAPTER FOUR
How to make email safe
32
How to use email
Email is here to stay. So the next few pages are about email best practices, focusing on:
1. Email encryption 2. Digital signatures*
*See page 9 for a more complete list of reasonable steps.
33
1. Email encryption
34
We have already explained the basic encryption process on page 19. What we will describe in more depth are step by step how-to’s on encryption.
A. PGP
B. SendInc
C. Virtru
Note - This is not an exhaustive list but a selection based on ease of use & popularity. There are far too many to cover them all.
A. PGP/GPA1. PGP is the encryption method used to
generate private and public keys.2. GPA is a program enabling use of PGP.
Download GPA here.3. Install GPA and create your private and public
keys (ensure you back these up!)4. Share your public keys with your email
network (otherwise they will not be able to send you encrypted messages you can open, nor will they be able to read yours).
5. When composing an email, encrypt it using GPA/PGP.
6. Select your recipient (from a list of recipients who have shared their public keys with you).
7. Hit send and you’re done!
The above guide in more depth with images here.
35
Advantages1. Encryption happens locally
ensuring sensitive data stays in Australia as per NEHTA
2. Extremely secure 3. Free
Disadvantages1. Requires a bit of technical
know how to install.2. Both sender and recipient
have to install and use it. 3. Public keys will need to be
exchanged with your entire email network.
Final thoughtsRecommended, if your entire practitioner network agree to use it. Combined with a digital signature, you will be keeping onside of all privacy laws.
B. SendIncSendinc, in a nutshell, provides the encryption you need without requiring you to exchange public and private keys with your entire email network. Instead you create just one secure link with SendInc themselves and they relay your message - the tradeoff being that your recipients will need to create an account to read your email.
1. Create account at SendInc2. Set-up the connection with SendInc (e.
g. via their outlook add-on)3. Done. You are ready to send
encrypted emails.
36
Advantages1. Easy to set-up2. Most users will be happy with
their free packageDisadvantages1. Recipients will be required to
create a Sendinc account to view your messages
2. Data not stored locally3. Only slightly less convenient
than Virtru (next page)Final thoughtsNot recommended as your stand-alone program because of location of data, but vastly superior to plain text email so should be used if that is your only alternative.
C. VirtruAn excellent concept.
Simply put, instead of sending a copy of your email to your recipient, Virtru will host that email on their own encrypted servers and grant your recipient access to that email. This is, in many ways, very similar to what Mediref does when sending correspondence to those not on Mediref.
The drawbacks are that your data is not kept in Australia and it only supports Gmail, Outlook and other global email providers. So if you use iiNet/Bigpond, it is out of the question.
Setup is a simple case of downloading and installing their software.
37
Advantages1. Extremely easy to set up2. Very easy to use3. Recipient does not need to be
using Virtru as wellDisadvantages1. Only supports the ‘big’ global
email providers2. Data not stored locally3. Need premium subscription
for full utilityFinal thoughtsExcellent idea but not recommended due to data stored internationally and being limited to only the ‘big’ email providers.
However, it is better than using a vanilla version of gmail/outlook!
2. Digital Signatures
38
This is not the same as putting your name at the end of the email but a means to let your recipient identify you as the sender (and not someone pretending to be you).
1. Generate and obtain a digital certificate. Free one available here.2. Install the certificate on your computer* by:
○ On Outlook 2010, click on File and then Options○ Click on Trust Center and click on Trust Center Settings○ Click on E-mail Security○ Outlook populates the Change Security Settings dialog box with default
information. Click OK to accept the defaults○ Click OK
Done! When composing a message in Outlook, simply select the Digital Signature
button to Digitally Sign your email.
● Note 1 - Each email client is different. The above is for Outlook 2010. Instructions are similar but email us if you need help with a specific email client.
● Note 2 - Each separate computer will require its own installed certificate.
Keep Patient Health Information Secure
We have done our best to arm you with the knowledge about how to securely transmit patient information. Let it be a guide when deciding on what channels you use to send correspondence.
Mediref is based on this knowledge and our practical experience as healthcare professionals. If you wish to give it a try then click the button below.
TRY MEDIREF39