May 17, 2021

Retention & Destruction of Patient Medical Records

Secure Retention & Destruction of Patient Medical Records in Australia

Since the pandemic turned our lives and livelihoods upside down, bad actors have been trying to exploit the vulnerabilities laid bare by COVID-19. As a result, healthcare has suffered an alarming rate of data breaches, accounting for 22% of all breaches between January and June 2020 – more than any other industry – as per data published by the Office of the Australian Information Commissioner¹.

Part and parcel of this is the sheer value of unlawfully acquired medical records. On the black market, the rate for social security numbers is 10 cents and credit card numbers are worth some 25 cents, whereas medical records could be worth hundreds or even thousands of dollars². But this astronomic rise in data breaches is also because bad actors know just how stretched healthcare professionals have been – and they’ve taken every advantage of this.

But enough is enough. It’s time to take the fight to data thieves, and in this case, the best form of attack is defence. Doing everything within your power to protect your confidential information is one of the most effective ways to undermine their efforts and mitigate the risks – and you don’t have to go it alone.

Shred-it is committed to protecting what matters, and what matters to us is the security of your patients, practices and employees. By following the steps below and entrusting your records to our secure destruction services, together we can swing the fight back in our favour and help businesses in the healthcare sector avoid the clutches of bad actors.

How to Securely Retain Patient Medical Records in Australia

Collecting and retaining patient medical records is part and parcel of the healthcare profession in Australia. But in doing so, it’s essential that medical practitioners collect, use and disclose personal health information in accordance with the National Privacy Act 1988 and the associated Australian Privacy Principles. In addition, personal information must be kept and stored securely, until otherwise destroyed.

Ultimately, medical records can be kept as physical files or electronically. But regardless of how they’re kept, all must be stored in a manner that preserves the confidentiality of the patient, protects against misuse or unauthorised access, prevents damage, loss or theft and allows authorised access to ensure continuity of treatment.

If you’re wondering how long medical records need to be kept in Australia, most regulatory bodies report that health information collected from adults should be retained for seven years after their last health service, and health information collected from children should be retained until they reach the age of 25.

Protecting Patient Medical Records & Preventing Data Breaches in Australia

For the duration of the time medical records are in your possession, it’s imperative they’re kept secure. Essential to doing so is ensuring employees are confidently able to handle any confidential documents, which first requires a privacy policy outlining how information is collected, used and disclosed in your practice.

It’s also vital to have documented privacy and security procedures, including processes for managing staff authorisation, authentication and access to records. But above all, staff or anyone authorised to handle documents should undergo regular education and awareness training, to reduce the risk of human error, which is often the leading cause of data breaches.

It’s also important to have a data breach response plan to apply if a privacy or security breach is discovered. But if you’re ever in doubt about how to secure patient medical records, refer to the OAIC’s Guide to Securing Personal Information³.

How to Securely Destroy Patient Medical Records in Australia

Once the allotted time to retain medical records has passed, it’s imperative medical records are securely destroyed. Official bodies recommend the use of a secure document destruction company, with adequate security measures in place to guarantee safe transit and destruction.

So, who better than Shred-it? Our secure document destruction services are one of the safest and most effective ways to shred and destroy unwanted medical records. But we also apply proven, state-of-the-art, chain of custody protocols for document destruction. So, from the moment we collect your patient medical records, up until destruction and recycling, your confidential data is protected at all times.

Once shredded, you’ll also receive a certificate of destruction confirming the secure destruction and recycling of your documents. But more than just a certificate, this is your audit trail to prove that your business is compliant with the regulations outlined by the OAIC.

Get in touch today to see how we can help protect your medical practice from data thieves.

1 Kroll
2 Forbes
3 Guide to Securing Personal Information (OAIC)

This article is provided for your convenience and does not constitute legal advice. Readers should not take, or refrain from taking, actions based upon the content of this article. Prior results do not guarantee similar outcomes. Please seek professional legal advice.