Security/storage of health information
Health services should have in place:
Procedures to give access to the information only to those people who are authorised to have access;
Security measures to prevent unauthorised access to the records;
Where practicable, procedures for storing the information in such a way that the identity of the person is not readily apparent from the face of the record, for example by the use of identification codes; and
Where the record is not to be retained, secure procedures for destroying the records.
Electronic records pose particular challenges. Electronic record systems carry increased risks of access by unauthorised staff, ‘browsing’ and data leakage. Medical practices must address the security of data storage/transfer systems, including the risks posed by staff who may intentionally or inadvertently access electronic records for reasons unrelated to the provision of health care.