Telemedicine: the high cost of breaching patient privacy regulations

In recent years, we've seen a rapid uptake of telemedicine services across a range of medical conditions, offering convenience for patients and efficiency for practices.

Karen Castle, Risk Adviser, Risk Advisory Services, Avant.

Tuesday, 30 July 2024


In recent years, we've seen a rapid uptake of telemedicine services across a range of medical conditions, offering convenience for patients and efficiency for practices. However, providing this type of service requires careful consideration of the regulations to safeguard patient privacy and avoid breaching privacy laws, which can carry hefty penalties.

The following case demonstrates how adopting newer technologies can expose a practice and its employees to situations where strict compliance with privacy and data protection laws is necessary.

Patient enquiry exposes data integrity risk

A seemingly simple enquiry from a patient triggered a series of revelations that a practice was not meeting many privacy requirements. The patient, who had read media reports on patient information being sold to third parties and was concerned about the potential for misuse of their data, had called the practice and requested a copy of their privacy policy.

On realising they didn’t have one, the practice, which had been newly established to provide dedicated telemedicine services, contacted Avant for assistance.

After talking to the practice about their policies and procedures, the medico-legal adviser realised that, in addition to needing advice on the wording of a privacy policy, there were potentially several other areas of the business where the integrity of data they handled was at risk of being compromised. The case was promptly referred to Avant’s Risk Advisory Service (RAS) to work with the practice to identify and rectify any deficiencies.

Identifying key risks and challenges

An assessment conducted by RAS revealed several vulnerabilities within the practice's operations:

  • Insecure communication platforms: Practitioners were using channels such as Skype and FaceTime for their patient consultations, without realising these video conferencing services did not provide a secure platform for discussion about sensitive medical matters.
  • Outsourced administration: For cost efficiency, the practice was using an external company to handle administration tasks. They had not checked what privacy training or protocols around handling data the staff from this virtual company had received. This posed a significant risk of sensitive medical information being mishandled.
  • Cross-border data transfer: The virtual administration service employed staff in other countries, which meant sensitive health data was being sent overseas. This raised concerns about compliance with Australian Privacy Principles (APP), particularly APP 8, which regulates disclosure of personal information outside of Australia, and stipulates that a practice must “ensure that any overseas provider takes relevant steps to protect the information from misuse, interference, loss and unauthorised access, modification or disclosure”.
  • Lack of centralised medical records: Individual practitioners were keeping records for their own patients, without making this information available through a secure centralised system. This limited the opportunity to provide continuity of care if one of the specialists were absent. Also, if a patient wanted to talk to someone else, they would have needed to provide their information all over again.

Assessing the issue and implementing change

Prioritising patient privacy and compliance isn't just good practice – it's essential for maintaining integrity and trust in an increasingly digital healthcare environment.

With the guidance of our advisers, the practice was able to navigate the privacy and data protection challenges they were facing in providing telemedicine consultations. Subsequently, with our support, they implemented a range of system enhancements necessary to ensure compliance, including:

  • Developing a robust privacy policy.
  • Establishing secure communication platforms compliant with privacy regulations.
  • Implementing privacy training for all staff members, including anyone who handled patient information.
  • Exploring options for centralised medical records management to facilitate continuity of care.

To help them stay on top of the regulatory landscape around safeguarding patient privacy, they were also made aware of the ongoing support available to members through Avant Assist.

Penalties for breaching the Privacy Act can be severe. In addition to the substantial fines that can be imposed, a practice under investigation will have to deal with:

  • Cost and stress of defending the practice in a court case.
  • Compromised reputation for the business from bad PR.
  • Loss of trust for individual doctors from their patients.

Ask yourself these questions

Practices that have expanded their services to offer telemedicine consultations, or have set up to offer dedicated telemedicine facilities, need to make sure they are well-equipped to address privacy and compliance challenges.

Ask yourself these four questions to help identify whether your policies and procedures designed to safeguard patient privacy are robust:

  • Do you provide staff with training and ongoing supervision and controls to ensure that privacy regulations are understood and maintained?
  • Have you implemented policies, procedures and systems that reflect the relevant APPs?
  • Have you invested in secure encryption technology or other secure processes for transferring and storing sensitive health information?
  • Do you have a data breach response plan?

If you’ve answered 'no' to any of these questions, we suggest you take a proactive approach and seek expert support from our advisory services. They can identify and help resolve any areas of concern, which will allow you to operate with confidence and continue to deliver high-quality care to your patients.
You will also need to consider the Medical Board’s Code of Conduct and Guidelines: Telehealth consultations with patients, which emphasises that telehealth consultations should meet the same standards as care provided in a face-to-face consultation.

This article was originally published in Connect magazine issue 22.

References and further reading

Avant Assist: Resources and services to support you in delivering safe, best-practice care

Medical Board of Australia: Telehealth consultations with patients

More information

For medico-legal advice, please contact us on nca@avant.org.au or call 1800 128 268, 24/7 in emergencies.

Disclaimers

The case discussed in this article is based on a real case. Certain information has been de-identified to preserve privacy and confidentiality.

IMPORTANT: This publication is not comprehensive and does not constitute legal or medical advice. You should seek legal or other professional advice before relying on any content, and practise proper clinical decision making with regard to the individual circumstances. Persons implementing any recommendations contained in this publication must exercise their own independent skill or judgement or seek appropriate professional advice relevant to their own particular practice. Compliance with any recommendations will not in any way guarantee discharge of the duty of care owed to patients and others coming into contact with the health professional or practice. Avant is not responsible to you or anyone else for any loss suffered in connection with the use of this information. Information is only current at the date initially published.