Privacy and Legal framework
- legislative patchwork - what is ‘reasonable’ - holistic approach
DR PETER R. CROLL PRC@PETERCROLL.COM
topics
- legislative patchwork
(introduction to the Australian legal framework on health information protection)
- what is ‘reasonable’
(privacy demands ‘reasonable security’ and confidentiality measures – what does that entail in today’s cyber world?)
- holistic approach
(the necessity to take a holistic view in order to minimise privacy risks to acceptable levels)
©Peter Croll, 2016 www.PeterCroll.com
legislative patchwork
(diagram labels: commonwealth; state/territory governments; medium to large businesses/entities; small businesses/entities; cover by contract; ANU/Bond; public)
Commonwealth:
- The Privacy Act 1988 (Cth)
- The Healthcare Identifiers Act 2010 (Cth)
- My Health Record Act 2012 (Cth)
- Freedom of Information Act (FOIA) 1982 (Cth)
New South Wales:
- Privacy and Personal Information Protection Act 1998 (NSW)
- Health Records and Information Privacy Act 2000 (NSW)
- Health Records and Information Privacy Regulation 2012 (NSW)
- Government Information (Public Access) Act 2009 (NSW)
- Drug Court Act 1998 (NSW)
Victoria:
- Information Privacy Act 2000 (Vic)
- Health Records Act 2001 (Vic)
- Freedom of Information Act 1982 (Vic)
Queensland:
- Information Privacy Act 2009 (Qld)
- Right to Information Act 2009 (Qld)
- Hospital and Health Boards Act 2011 (Qld)
- Personal Injuries Proceedings Act 2002 (Qld)
Tasmania:
- Personal Information Protection Act 2004 (Tas)
- Right to Information Act 2009 (Tas)
- Public Health Act 1997 (Tas)
South Australia:
- Freedom of Information Act 1991 (SA)
Western Australia:
- Health Act 1911 (WA)
- Freedom of Information Act 1992 (WA)
Australian Capital Territory:
- Information Privacy Act 2014 (ACT)
- Health Records (Privacy and Access) Act 1997 (ACT)
- Public Health Act 1997 (ACT)
- Drugs of Dependence Act 1989 (ACT)
Northern Territory:
- Information Act 2002 (NT)
- Cancer (Registration) Act 1997 (NT)
what is ‘reasonable’
- ‘reasonable’ appears 155 times in the Privacy Act
- is encryption reasonable?
- are cloud services reasonable?
- is it reasonable to store overseas?
- is it reasonable for the cloud service provider to manage the encryption keys?
- is this your problem?
reasonable security
11 Australian Privacy Principle 11—Security of personal information
11.1 If an APP entity holds personal information, the entity must take such steps as are reasonable in the circumstances to protect the information:
(a) from misuse, interference and loss; and
(b) from unauthorised access, modification or disclosure.
11.2 If:
(a) an APP entity holds personal information about an individual
..
the entity must take such steps as are reasonable in the circumstances to destroy the information or to ensure that the information is de-identified.
Healthcare Data Breaches: Over 100 Million Affected in 2015
(chart; annotation: Excellus = additional 10,000,000)
Holistic approach
- protection needs to be much broader than security
- protection of patient privacy and confidentiality
- trust determines our willingness to participate
- the most important consideration is safety
- a system is considered safe when the risk of harm is at an acceptable level
- you can avoid risks, accept risks, transfer risks or reduce risks
- risk of harm to individuals, business, the environment and the IT system itself
- resulting from breaches and other undesirable events with negative impacts
holistic view
(diagram: SAFETY, PRIVACY, TRUST, SECURITY and CONFIDENTIALITY mapped against each other, with the relationships labelled: only those authorised can access; those authorised don’t disclose secrets; authorised protection; protect individuals; protect data; protect secrets; only those that ‘need to know’ can access; keep identities secret; authorised don’t disclose identities; restrict access to secrets)
Top 10 Questions regarding the Protection of Information
(columns: Q#, Chart Label, Related Question, Examples)

Q1 ‘protect individuals’
Related question: Are the measures in place adequate to minimise harm that could result from identifying individuals and disclosing their personal information?
Examples: Highly sensitive information may need extra care to ensure the individual it belongs to is not harmed through disclosure. HIV status is one such example that can have significant negative consequences for an individual, such as for their employment.

Q2 ‘protect data’
Related question: Are the security measures adequate to protect against unauthorised access?
Examples: For example, taking reasonable security measures, such as encryption, when using cloud services to store personal or confidential information.

Q3 ‘protect secrets’
Related question: Have any company secrets or personal information been adequately classified for protection?
Examples: To protect against harm it is necessary to ensure the safety of information matches the confidentiality levels. For example, if the home address or movements of personnel are not classified as ‘confidential’ then this could put staff in danger; whereas if government secrets are not appropriately classified then this could cause serious or even exceptionally grave damage if they were to fall into the wrong hands.

Q4 ‘authorised protection’
Related question: Can you trust those who are authorised with information protection?
Examples: Have the staff authorised to protect safety (i.e. protect individuals, the system and the environment) been vetted and suitably trained? For example, using unqualified staff who have not been subject to police checks puts a higher risk on system safety.

Q5 ‘only those that ‘need to know’ can access’
Related question: Are the measures in place adequate for limiting access to secrets and personal information to only those personnel that ‘need to know’?
Examples: For example, authorised users who can access personal information that is not part of their case load. If suitable role-based access control cannot be practically implemented, then does the company have any audit trails implemented that can check whenever inappropriate access has occurred?

Q6 ‘restrict access to secrets’
Related question: Are the measures in place adequate for limiting access to secrets and personal information based on classification levels?
Examples: The company’s confidentiality levels are not suitably matched by the security measures put in place. For example, any ‘top secret’ documents that are not encrypted and are accessible without using two-factor authentication.

Q7 ‘only those authorised can access’
Related question: Are the measures in place adequate to limit access to only those appropriately authorised?
Examples: A common habit of sharing passwords or leaving the terminal unlocked can permit unauthorised access. It may also be necessary to validate users and check their credentials. For example, achieving this via a phone call is not safe and is a common method of social engineering used by adversaries.

Q8 ‘authorised don’t disclose identities’
Related question: Are the measures in place adequate to ensure those authorised don’t disclose the identities of individuals?
Examples: Staff who have had suitable privacy training will ensure they verify who they are dealing with and what it is appropriate to disclose and to whom. For example, poor practices such as asking somebody if they are the Mr Lee who lives at Union Road could be disclosing information to close family members.

Q9 ‘those authorised don’t disclose secrets’
Related question: Are the measures in place adequate to ensure those authorised don’t disclose secrets or personal information?
Examples: Authorised staff can permit breaches of confidentiality through poor practices such as not suitably identifying, labelling and handling confidential information. For example, use of shared drives for the convenience of file transfers with confidential information.

Q10 ‘keep identities secret’
Related question: Do the confidentiality measures in place ensure that the identities of individuals are not inappropriately disclosed?
Examples: The use of individuals’ real names on accounts or equivalent labels could disclose which individuals are using the system. This could be critical if, for example, the accounts related to confidential services such as healthcare.

Video that explains all this is at: www.PeterCroll.com
In conclusion
- When protecting sensitive information, the core attribute needs to be Safety
- Privacy, Security, Confidentiality and Trust should be mapped against Safety and each other.
- This will generate 10 key questions from which other critical questions can be derived
- For a system to be regarded as safe, risks must be managed to acceptable levels
- By avoiding the risks within your system, accepting them, transferring them to a third party or reducing the risk, e.g. improved protection mechanisms
- Risk analysis requires knowledge of the IMPACTS that can result from undesirable events, such as a privacy breach.
In conclusion
- Generating a hierarchical listing of harm (individuals, systems and the environment) ensures a comprehensive analysis of negative impacts
- Risk analysis also requires estimates of the LIKELIHOOD of an undesirable event occurring
- Having appropriately analysed and managed the risks will ensure you have the knowledge to develop a safe system that protects sensitive information
- The holistic approach ensures you have covered both the technical and human issues that can put the safety of your systems at unnecessary risk.
- Not taking a holistic view will leave your system vulnerable, and asking the question – WHAT DID I MISS?
Thank You
VIP Mumbai Call Girls Hiranandani Gardens Just Call 9920874524 with A/C Room ...Garima Khatri
 
Call Girls Service In Shyam Nagar Whatsapp 8445551418 Independent Escort Service
Call Girls Service In Shyam Nagar Whatsapp 8445551418 Independent Escort ServiceCall Girls Service In Shyam Nagar Whatsapp 8445551418 Independent Escort Service
Call Girls Service In Shyam Nagar Whatsapp 8445551418 Independent Escort Serviceparulsinha
 
Call Girls Frazer Town Just Call 7001305949 Top Class Call Girl Service Avail...
Call Girls Frazer Town Just Call 7001305949 Top Class Call Girl Service Avail...Call Girls Frazer Town Just Call 7001305949 Top Class Call Girl Service Avail...
Call Girls Frazer Town Just Call 7001305949 Top Class Call Girl Service Avail...narwatsonia7
 
Call Girls Service Surat Samaira â€ïžđŸ‘ 8250192130 👄 Independent Escort Service ...
Call Girls Service Surat Samaira â€ïžđŸ‘ 8250192130 👄 Independent Escort Service ...Call Girls Service Surat Samaira â€ïžđŸ‘ 8250192130 👄 Independent Escort Service ...
Call Girls Service Surat Samaira â€ïžđŸ‘ 8250192130 👄 Independent Escort Service ...CALL GIRLS
 
Kolkata Call Girls Services 9907093804 @24x7 High Class Babes Here Call Now
Kolkata Call Girls Services 9907093804 @24x7 High Class Babes Here Call NowKolkata Call Girls Services 9907093804 @24x7 High Class Babes Here Call Now
Kolkata Call Girls Services 9907093804 @24x7 High Class Babes Here Call NowNehru place Escorts
 
Bangalore Call Girls Marathahalli 📞 9907093804 High Profile Service 100% Safe
Bangalore Call Girls Marathahalli 📞 9907093804 High Profile Service 100% SafeBangalore Call Girls Marathahalli 📞 9907093804 High Profile Service 100% Safe
Bangalore Call Girls Marathahalli 📞 9907093804 High Profile Service 100% Safenarwatsonia7
 
Sonagachi Call Girls Services 9907093804 @24x7 High Class Babes Here Call Now
Sonagachi Call Girls Services 9907093804 @24x7 High Class Babes Here Call NowSonagachi Call Girls Services 9907093804 @24x7 High Class Babes Here Call Now
Sonagachi Call Girls Services 9907093804 @24x7 High Class Babes Here Call NowRiya Pathan
 
College Call Girls Vyasarpadi Whatsapp 7001305949 Independent Escort Service
College Call Girls Vyasarpadi Whatsapp 7001305949 Independent Escort ServiceCollege Call Girls Vyasarpadi Whatsapp 7001305949 Independent Escort Service
College Call Girls Vyasarpadi Whatsapp 7001305949 Independent Escort ServiceNehru place Escorts
 
Russian Call Girls Chickpet - 7001305949 Booking and charges genuine rate for...
Russian Call Girls Chickpet - 7001305949 Booking and charges genuine rate for...Russian Call Girls Chickpet - 7001305949 Booking and charges genuine rate for...
Russian Call Girls Chickpet - 7001305949 Booking and charges genuine rate for...narwatsonia7
 

Recently uploaded (20)

Low Rate Call Girls Pune Esha 9907093804 Short 1500 Night 6000 Best call girl...
Low Rate Call Girls Pune Esha 9907093804 Short 1500 Night 6000 Best call girl...Low Rate Call Girls Pune Esha 9907093804 Short 1500 Night 6000 Best call girl...
Low Rate Call Girls Pune Esha 9907093804 Short 1500 Night 6000 Best call girl...
 
Call Girls In Andheri East Call 9920874524 Book Hot And Sexy Girls
Call Girls In Andheri East Call 9920874524 Book Hot And Sexy GirlsCall Girls In Andheri East Call 9920874524 Book Hot And Sexy Girls
Call Girls In Andheri East Call 9920874524 Book Hot And Sexy Girls
 
Call Girls Electronic City Just Call 7001305949 Top Class Call Girl Service A...
Call Girls Electronic City Just Call 7001305949 Top Class Call Girl Service A...Call Girls Electronic City Just Call 7001305949 Top Class Call Girl Service A...
Call Girls Electronic City Just Call 7001305949 Top Class Call Girl Service A...
 
Call Girls Jp Nagar Just Call 7001305949 Top Class Call Girl Service Available
Call Girls Jp Nagar Just Call 7001305949 Top Class Call Girl Service AvailableCall Girls Jp Nagar Just Call 7001305949 Top Class Call Girl Service Available
Call Girls Jp Nagar Just Call 7001305949 Top Class Call Girl Service Available
 
Bangalore Call Girls Majestic 📞 9907093804 High Profile Service 100% Safe
Bangalore Call Girls Majestic 📞 9907093804 High Profile Service 100% SafeBangalore Call Girls Majestic 📞 9907093804 High Profile Service 100% Safe
Bangalore Call Girls Majestic 📞 9907093804 High Profile Service 100% Safe
 
Call Girls Service Jaipur Grishma WhatsApp ❀8445551418 VIP Call Girls Jaipur
Call Girls Service Jaipur Grishma WhatsApp ❀8445551418 VIP Call Girls JaipurCall Girls Service Jaipur Grishma WhatsApp ❀8445551418 VIP Call Girls Jaipur
Call Girls Service Jaipur Grishma WhatsApp ❀8445551418 VIP Call Girls Jaipur
 
Artifacts in Nuclear Medicine with Identifying and resolving artifacts.
Artifacts in Nuclear Medicine with Identifying and resolving artifacts.Artifacts in Nuclear Medicine with Identifying and resolving artifacts.
Artifacts in Nuclear Medicine with Identifying and resolving artifacts.
 
Asthma Review - GINA guidelines summary 2024
Asthma Review - GINA guidelines summary 2024Asthma Review - GINA guidelines summary 2024
Asthma Review - GINA guidelines summary 2024
 
Call Girls Service in Bommanahalli - 7001305949 with real photos and phone nu...
Call Girls Service in Bommanahalli - 7001305949 with real photos and phone nu...Call Girls Service in Bommanahalli - 7001305949 with real photos and phone nu...
Call Girls Service in Bommanahalli - 7001305949 with real photos and phone nu...
 
Call Girl Indore Vrinda 9907093804 Independent Escort Service Indore
Call Girl Indore Vrinda 9907093804 Independent Escort Service IndoreCall Girl Indore Vrinda 9907093804 Independent Escort Service Indore
Call Girl Indore Vrinda 9907093804 Independent Escort Service Indore
 
VIP Mumbai Call Girls Hiranandani Gardens Just Call 9920874524 with A/C Room ...
VIP Mumbai Call Girls Hiranandani Gardens Just Call 9920874524 with A/C Room ...VIP Mumbai Call Girls Hiranandani Gardens Just Call 9920874524 with A/C Room ...
VIP Mumbai Call Girls Hiranandani Gardens Just Call 9920874524 with A/C Room ...
 
Escort Service Call Girls In Sarita Vihar,, 99530°56974 Delhi NCR
Escort Service Call Girls In Sarita Vihar,, 99530°56974 Delhi NCREscort Service Call Girls In Sarita Vihar,, 99530°56974 Delhi NCR
Escort Service Call Girls In Sarita Vihar,, 99530°56974 Delhi NCR
 
Call Girls Service In Shyam Nagar Whatsapp 8445551418 Independent Escort Service
Call Girls Service In Shyam Nagar Whatsapp 8445551418 Independent Escort ServiceCall Girls Service In Shyam Nagar Whatsapp 8445551418 Independent Escort Service
Call Girls Service In Shyam Nagar Whatsapp 8445551418 Independent Escort Service
 
Call Girls Frazer Town Just Call 7001305949 Top Class Call Girl Service Avail...
Call Girls Frazer Town Just Call 7001305949 Top Class Call Girl Service Avail...Call Girls Frazer Town Just Call 7001305949 Top Class Call Girl Service Avail...
Call Girls Frazer Town Just Call 7001305949 Top Class Call Girl Service Avail...
 
Call Girls Service Surat Samaira â€ïžđŸ‘ 8250192130 👄 Independent Escort Service ...
Call Girls Service Surat Samaira â€ïžđŸ‘ 8250192130 👄 Independent Escort Service ...Call Girls Service Surat Samaira â€ïžđŸ‘ 8250192130 👄 Independent Escort Service ...
Call Girls Service Surat Samaira â€ïžđŸ‘ 8250192130 👄 Independent Escort Service ...
 
Kolkata Call Girls Services 9907093804 @24x7 High Class Babes Here Call Now
Kolkata Call Girls Services 9907093804 @24x7 High Class Babes Here Call NowKolkata Call Girls Services 9907093804 @24x7 High Class Babes Here Call Now
Kolkata Call Girls Services 9907093804 @24x7 High Class Babes Here Call Now
 
Bangalore Call Girls Marathahalli 📞 9907093804 High Profile Service 100% Safe
Bangalore Call Girls Marathahalli 📞 9907093804 High Profile Service 100% SafeBangalore Call Girls Marathahalli 📞 9907093804 High Profile Service 100% Safe
Bangalore Call Girls Marathahalli 📞 9907093804 High Profile Service 100% Safe
 
Sonagachi Call Girls Services 9907093804 @24x7 High Class Babes Here Call Now
Sonagachi Call Girls Services 9907093804 @24x7 High Class Babes Here Call NowSonagachi Call Girls Services 9907093804 @24x7 High Class Babes Here Call Now
Sonagachi Call Girls Services 9907093804 @24x7 High Class Babes Here Call Now
 
College Call Girls Vyasarpadi Whatsapp 7001305949 Independent Escort Service
College Call Girls Vyasarpadi Whatsapp 7001305949 Independent Escort ServiceCollege Call Girls Vyasarpadi Whatsapp 7001305949 Independent Escort Service
College Call Girls Vyasarpadi Whatsapp 7001305949 Independent Escort Service
 
Russian Call Girls Chickpet - 7001305949 Booking and charges genuine rate for...
Russian Call Girls Chickpet - 7001305949 Booking and charges genuine rate for...Russian Call Girls Chickpet - 7001305949 Booking and charges genuine rate for...
Russian Call Girls Chickpet - 7001305949 Booking and charges genuine rate for...
 

Brisbane Health-y data: Privacy and Legal Framework

  • 1. Privacy and Legal framework: legislative patchwork; what is ‘reasonable’; holistic approach. Dr Peter R. Croll, PRC@PETERCROLL.COM
  • 2. topics: legislative patchwork (introduction to the Australian legal framework on health information protection); what is ‘reasonable’ (privacy demands ‘reasonable security’ and confidentiality measures: what does that entail in today’s cyber world?); holistic approach (the necessity of taking a holistic view to minimise privacy risks to acceptable levels). ©Peter Croll, 2016, www.PeterCroll.com (slide 3 repeats this agenda)
  • 5-12. legislative patchwork (one diagram built up over eight slides; the complete picture from slide 12 is listed here). Layers: commonwealth; state/territory governments; medium to large businesses/entities; small businesses/entities. Other labels on the diagram: ‘cover by contract’; ‘ANU/Bond public’.
    Commonwealth: The Privacy Act 1988 (Cth); Healthcare Identifiers Act 2010 (Cth); My Health Record Act 2012 (Cth); Freedom of Information Act 1982 (Cth).
    NSW: Privacy and Personal Information Protection Act 1998; Health Records and Information Privacy Act 2002; Health Records and Information Privacy Regulation 2012; Government Information (Public Access) Act 2009; Drug Court Act 1998.
    Vic: Information Privacy Act 2000; Health Records Act 2001; Freedom of Information Act 1982.
    Qld: Information Privacy Act 2009; Right to Information Act 2009; Hospital and Health Boards Act 2011; Personal Injuries Proceedings Act 2002.
    WA: Health Act 1911; Freedom of Information Act 1992.
    SA: Freedom of Information Act 1991.
    Tas: Personal Information Protection Act 2004; Right to Information Act 2009; Public Health Act 1997.
    ACT: Information Privacy Act 2014; Health Records (Privacy and Access) Act 1997; Public Health Act 1997; Drugs of Dependence Act 1989.
    NT: Information Act 2002; Cancer (Registration) Act 1997.
  • 14. topics (section divider for ‘what is reasonable’; agenda as on slide 2)
  • 15. what is ‘reasonable’? ‘Reasonable’ appears 155 times in the Privacy Act. Is encryption reasonable? Are cloud services reasonable? Is it reasonable to store overseas? Is it reasonable for the cloud service provider to manage the encryption keys? Is this your problem?
  • 16. reasonable security. Australian Privacy Principle 11: security of personal information. 11.1 If an APP entity holds personal information, the entity must take such steps as are reasonable in the circumstances to protect the information: (a) from misuse, interference and loss; and (b) from unauthorised access, modification or disclosure. 11.2 If: (a) an APP entity holds personal information about an individual … the entity must take such steps as are reasonable in the circumstances to destroy the information or to ensure that the information is de-identified.
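Slide 15 asks whether it is reasonable for the cloud service provider to manage the encryption keys, and APP 11.1 requires protection from unauthorised access, modification and disclosure. The Go program below is an added example, not code from the slides or from Dr Croll, showing the arrangement that keeps the answer in the entity's own hands: each record is encrypted with AES-256-GCM before upload, the key stays with the APP entity, and the provider stores only ciphertext. The record contents, the SHA-256 key-derivation shortcut (standing in for an HSM or KMS the entity controls) and the in-memory map standing in for the object store are assumptions made for illustration.

```go
package main

// Added example, not from the slides: a health record is encrypted on the
// APP entity's side before it reaches a cloud object store, so the provider
// only ever holds ciphertext. Record, key derivation and the in-memory
// "cloud" map are constructed for illustration.

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// cloudStore stands in for the provider's object store. Provider staff, a
// compromise of the provider, or a data request served overseas yield
// nothing readable from it without the entity's key.
type cloudStore map[string][]byte

// deriveKey turns an entity-held secret into a 256-bit AES key. A real
// deployment keeps the key in an HSM or a KMS under the entity's control;
// SHA-256 is used here only to keep the example self-contained.
func deriveKey(secret []byte) []byte {
	k := sha256.Sum256(secret)
	return k[:]
}

// sealRecord encrypts and authenticates plaintext with AES-256-GCM, binding
// the object name as associated data so a blob cannot be quietly moved onto
// another patient's record. Output layout is nonce || ciphertext || tag.
func sealRecord(key, plaintext []byte, objectName string) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(objectName)), nil
}

// openRecord reverses sealRecord. Any change to nonce, ciphertext, tag or
// object name fails authentication, so "modification" (APP 11.1(b)) is
// detected instead of silently accepted.
func openRecord(key, blob []byte, objectName string) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("blob too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(objectName))
}

// upload encrypts client-side and stores only the resulting blob.
func upload(store cloudStore, key []byte, name string, record []byte) error {
	blob, err := sealRecord(key, record, name)
	if err != nil {
		return err
	}
	store[name] = blob
	return nil
}

// download fetches the blob and decrypts it on the entity's side.
func download(store cloudStore, key []byte, name string) ([]byte, error) {
	blob, ok := store[name]
	if !ok {
		return nil, errors.New("no such object")
	}
	return openRecord(key, blob, name)
}

func main() {
	key := deriveKey([]byte("entity-held secret; never shared with the provider"))
	store := cloudStore{}
	record := []byte("URN1001|Lee|HIV status: positive") // constructed record
	if err := upload(store, key, "patients/URN1001", record); err != nil {
		panic(err)
	}
	fmt.Printf("what the provider holds: %x\n", store["patients/URN1001"])

	// A faulty or malicious provider flips one byte; decryption must fail.
	blob := store["patients/URN1001"]
	blob[len(blob)-1] ^= 0x01
	if _, err := download(store, key, "patients/URN1001"); err != nil {
		fmt.Println("modification detected:", err)
	}
}
```

Because the object name is bound as associated data, a ciphertext copied under another patient's name fails to decrypt, and a flipped byte is rejected rather than returned as a corrupted record. Where the key actually lives (an entity-controlled HSM, a KMS under the entity's own account, or the provider's key service) is precisely the ‘reasonable in the circumstances’ judgement slide 15 points at: once the provider holds the key, the encryption no longer protects against the provider.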
  • 17. [chart] Healthcare data breaches: over 100 million affected in 2015 (Excellus = additional 10,000,000).
  • 18. topics (section divider for ‘holistic approach’; agenda as on slide 2)
  • 19. Holistic approach: protection needs to be much broader than security; protection of patient privacy and confidentiality; trust determines our willingness to participate; the most important consideration is safety; a system is considered safe when the risk of harm is at an acceptable level; you can avoid risks, accept risks, transfer risks or reduce risks; the risk of harm to individuals, the business, the environment and the IT system itself results from breaches and other undesirable events with negative impacts.
  • 20. holistic view (diagram). Five attributes: SAFETY as the core, with PRIVACY, TRUST, SECURITY and CONFIDENTIALITY mapped against it and against each other. The ten labelled relationships between them: ‘only those authorised can access’; ‘those authorised don’t disclose secrets’; ‘authorised protection’; ‘protect individuals’; ‘protect data’; ‘protect secrets’; ‘only those that need to know can access’; ‘keep identities secret’; ‘authorised don’t disclose identities’; ‘restrict access to secrets’.
  • 21. Top 10 questions regarding the protection of information (Q#, chart label from slide 20, related question, examples).
    Q1 ‘protect individuals’. Are the measures in place adequate to minimise the harm that could result from identifying individuals and disclosing their personal information? Example: highly sensitive information may need extra care to ensure the individual it belongs to is not harmed through disclosure. HIV status is one such example, with significant negative consequences for an individual, such as for their employment.
    Q2 ‘protect data’. Are the security measures adequate to protect against unauthorised access? Example: taking reasonable security measures, such as encryption, when using cloud services to store personal or confidential information.
    Q3 ‘protect secrets’. Have company secrets and personal information been adequately classified for protection? To protect against harm, the safety of information must match its confidentiality level. Example: if the home addresses or movements of personnel are not classified as ‘confidential’, staff could be put in danger; whereas if government secrets are not appropriately classified, this could cause serious or even exceptionally grave damage if they fell into the wrong hands.
    Q4 ‘authorised protection’. Can you trust those who are authorised with information protection? Have the staff authorised to protect safety (i.e. to protect individuals, the system and the environment) been vetted and suitably trained? Example: using unqualified staff who have not been subject to police checks puts system safety at higher risk.
    Q5 ‘only those that need to know can access’. Are the measures in place adequate to limit access to secrets and personal information to only those personnel that need to know? Example: authorised users who can access personal information that is not part of their case load. If suitable role-based access control cannot practically be implemented, does the company have audit trails that can show whenever inappropriate access has occurred?
    Q6 ‘restrict access to secrets’. Are the measures in place adequate to limit access to secrets and personal information according to classification level? Example: the company’s confidentiality levels are not matched by the security measures put in place, such as ‘top secret’ documents that are not encrypted and are accessible without two-factor authentication.
    Q7 ‘only those authorised can access’. Are the measures in place adequate to limit access to only those appropriately authorised? Example: the common habits of sharing passwords or leaving a terminal unlocked permit unauthorised access. It may also be necessary to validate users and check their credentials; doing so via a phone call is not safe and is a common social-engineering method used by adversaries.
    Q8 ‘authorised don’t disclose identities’. Are the measures in place adequate to ensure those authorised don’t disclose the identities of individuals? Example: staff with suitable privacy training verify who they are dealing with and what is appropriate to disclose to whom. Poor practice such as asking somebody whether they are the Mr Lee who lives at Union Road could disclose information to close family members.
    Q9 ‘those authorised don’t disclose secrets’. Are the measures in place adequate to ensure those authorised don’t disclose secrets or personal information? Example: authorised staff can cause breaches of confidentiality through poor practice such as not suitably identifying, labelling and handling confidential information, for instance using shared drives for the convenience of transferring files containing confidential information.
    Q10 ‘keep identities secret’. Do the confidentiality measures in place ensure that the identities of individuals are not inappropriately disclosed? Example: using individuals’ real names on accounts, or equivalent labels, could disclose which individuals are using the system. This could be critical if, for example, the accounts relate to confidential services such as healthcare.
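Q5 above names the detective control to fall back on when role-based access control cannot be made to follow case-load boundaries: an audit trail that is actually checked. The Go program below is an added example, not code from the slides or from Dr Croll, that runs such a check over a few constructed audit-log lines, separating plain need-to-know violations from emergency ‘break-glass’ overrides that still need a reviewer. The CSV layout, the case-load table, the ‘break-glass’ reason code and the user names are assumptions made for illustration.

```go
package main

// Added example, not from the slides: the need-to-know audit check that
// slide 21 (Q5) calls for when role-based access control alone cannot
// enforce case-load boundaries. Log format, case-load table and the
// "break-glass" reason code are assumptions for illustration.

import (
	"encoding/csv"
	"fmt"
	"strings"
)

// accessEvent is one parsed line of the audit log.
type accessEvent struct {
	Time, User, Action, Patient, Reason string
}

// caseload maps a clinician to the patient identifiers on their case load.
type caseload map[string]map[string]bool

// sampleCaseload is constructed; the clerical account has no clinical access.
var sampleCaseload = caseload{
	"dr.lee":   {"URN1001": true, "URN1002": true},
	"rn.patel": {"URN1002": true, "URN1003": true},
	"admin.ng": {},
}

// sampleLog is constructed. Columns: timestamp,user,action,patient,reason.
// "ghost" is an account that exists in the system but not in the case-load
// table, e.g. a departed clinician's login that was never disabled.
const sampleLog = `timestamp,user,action,patient,reason
2016-03-01T09:00:12,dr.lee,view,URN1001,
2016-03-01T09:05:40,dr.lee,view,URN1003,
2016-03-01T09:06:02,rn.patel,view,URN1002,
2016-03-01T10:15:33,admin.ng,view,URN1001,
2016-03-01T11:40:00,dr.lee,view,URN1004,break-glass
2016-03-01T12:00:00,rn.patel,export,URN1003,
2016-03-01T12:30:00,ghost,view,URN1002,
`

// parseLog reads the CSV audit log, skipping the header row.
func parseLog(text string) ([]accessEvent, error) {
	rows, err := csv.NewReader(strings.NewReader(text)).ReadAll()
	if err != nil {
		return nil, err
	}
	if len(rows) == 0 {
		return nil, nil
	}
	events := make([]accessEvent, 0, len(rows)-1)
	for _, row := range rows[1:] {
		events = append(events, accessEvent{row[0], row[1], row[2], row[3], row[4]})
	}
	return events, nil
}

// audit separates accesses outside the user's case load into plain
// violations and break-glass overrides. Overrides are legitimate in an
// emergency but still go to a reviewer; a user missing from the case-load
// table is treated as having no access at all.
func audit(events []accessEvent, cl caseload) (violations, breakGlass []accessEvent) {
	for _, ev := range events {
		if cl[ev.User][ev.Patient] {
			continue
		}
		if ev.Reason == "break-glass" {
			breakGlass = append(breakGlass, ev)
		} else {
			violations = append(violations, ev)
		}
	}
	return violations, breakGlass
}

// countByUser gives the per-user tally a privacy officer would report on.
func countByUser(events []accessEvent) map[string]int {
	counts := map[string]int{}
	for _, ev := range events {
		counts[ev.User]++
	}
	return counts
}

func main() {
	events, err := parseLog(sampleLog)
	if err != nil {
		panic(err)
	}
	violations, breakGlass := audit(events, sampleCaseload)
	for _, ev := range violations {
		fmt.Println("VIOLATION", ev.Time, ev.User, ev.Action, ev.Patient)
	}
	for _, ev := range breakGlass {
		fmt.Println("REVIEW   ", ev.Time, ev.User, ev.Action, ev.Patient, "(break-glass)")
	}
	fmt.Println(countByUser(violations))
}
```

On the constructed log this flags dr.lee viewing URN1003 (not on his list), the clerical account opening a clinical record, and the orphaned ‘ghost’ login, while the break-glass access to URN1004 is routed to review rather than silently allowed or silently blocked. The check is only as good as the case-load table it is run against, which is why Q5 treats it as a complement to, not a substitute for, role-based access control.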
  • 22. Video that explains all this is at: www.PeterCroll.com 22©Peter Croll, 2016www.PeterCroll.com
  • 23. In conclusion: when protecting sensitive information, the core attribute needs to be safety. Privacy, security, confidentiality and trust should be mapped against safety and each other; this generates the 10 key questions from which other critical questions can be derived. For a system to be regarded as safe, risks must be managed to acceptable levels: by avoiding the risk within your system, accepting it, transferring it to a third party, or reducing it (e.g. improved protection mechanisms). Risk analysis requires knowledge of the IMPACTS that can result from undesirable events, such as a privacy breach.
  • 24. In conclusion (continued): generating a hierarchical listing of harm (to individuals, systems and the environment) ensures a comprehensive analysis of negative impacts. Risk analysis also requires estimates of the LIKELIHOOD of an undesirable event occurring. Having appropriately analysed and managed the risks, you will have the knowledge to develop a safe system that protects sensitive information. The holistic approach ensures you have covered both the technical and human issues that can put the safety of your systems at unnecessary risk. Not taking a holistic view will leave your system vulnerable, and leave you asking the question: WHAT DID I MISS?