By Rhiannon Riches
Media attention in recent months has focused on patients’ concerns over patient data privacy standards, and data breaches.
Patients are questioning the security and safety of their personal information at a time when more and more health care appointments are created online through booking engines.
As health care providers, optometrists need to understand the data privacy relationship between themselves and their patients, between their patients and health care booking engines, and between health care booking engines and Optometry Australia.
VIDEO: Luke Arundel explains what you need to know about patient data privacy
John Karis is Optometry Australia’s Privacy Manager and manages relationships with heath care search engine providers who have contracted Optometry Australia to host their online booking engine.
‘Optometry Australia currently has an agreement with one heath care search engine provider to host their booking engine on our Good vision for life website. However, Optometry Australia does not own or have access to patient data or any of the information that patients are required to provide when booking an online appointment via Good vision for life,’ Mr Karis said.
‘When a patient books an appointment through the Good vision for life ‘Find an Optometrist’ search function and booking engine, hosted by Optometry Australia, the search engine provider owns the patient data and the information that a patient provides – not Optometry Australia, or the optometrist or practice the appointment is made with,’ he said.
‘All patient data – such as name, age, address, private health fund, and current eye health conditions – is held by the search engine provider,’ he said.
When entering their personal data while making a booking, the patient is entering into a privacy agreement between themselves and the search engine provider, and not between the patient and the optometrist.
Mr Karis clarified that the relationship between the search engine provider and the optometrist is only the agreement for the provision of the booking service.
‘There is an agreement between the search engine provider (third party) and optometrist, plus an agreement between the optometrist and their patient.
‘Each is responsible for their relationship and must abide by the Australian Privacy Act in relation to the collection and use of personal information. Search engine providers such as MyHealth1st should not disclose information to third parties, and optometrists should not disclose information to third parties unless it is in the interest of the optometrist or patient and could be reasonably expected as part of the service,’ Mr Karis said.
In a statement published on the Australian Stock Exchange on 26 June, the company said 1st Group does not share patient information with third parties without clear, express and specific consent being provided by the patient well in advance and always ensuring complete transparency.
Klaus Bartosch, Managing Director, said: ‘Operating a health care platform requires careful management of private information and we take that responsibility seriously … It is therefore paramount that we protect the interests and data of all parties, and it is this sensitivity that has shaped our privacy, data collection policies and business model.’
View 1st Group’s full statement here.