CHANGES to Australia's Data Breach Notification Laws, which became effective last month, have significant implications for Australian pharmacy businesses, according to Giuseppe Carollo from pharmacy insurance specialist Carollo Horton.
Prior to this law being passed, notification was voluntary for most entities where a data breach had occurred, Carollo said.
However, the new laws now require pharmacists in a business or businesses with a total annual turnover greater than $3 million to notify the Office of the Australian Information Commissioner where there are reasonable grounds to believe that an "eligible data breach" has occurred.
An "eligible" breach is defined as one where there is "unauthorised access to, unauthorised disclosure of, or loss of, personal information held by an entity" and "the access, disclosure or loss is likely to result in serious harm to any of the individuals whom the information relates," he told Pharmacy Daily.
The law does not specify a number of breaches, meaning that even one cyber intrusion could be considered "eligible".
Carollo highlighted that with the amount of personal information stored on pharmacy computers, the burden of having to alert every individual of a compromise of their information can be mitigated by an effective cyber insurance policy.
"You should ensure that your data breach response plans are effective and up-to-date, and that you have internal and external contacts ready to respond swiftly when a breach occurs," he said.
In response to the changes Carollo Horton has created what Carollo said was the first pharmacy-specific Cyber Insurance product, along with a dedicated cyber support hotline to help policy holders 24/7.
See carollohorton.com.au.
The above article was sent to subscribers in Pharmacy Daily's issue from 22 Mar 18