
New legislation will protect patients' e-records

By Paul Vecchiatto, ITWeb Cape Town correspondent
Cape Town, 26 Sept 2003

Doctors and other professionals may face onerous new administrative work if Parliament passes a proposed new national Health Bill, which is aimed at protecting patient confidentiality.

Provisions of the Bill are designed to force healthcare establishments to protect their online information from unauthorised entry and use.

"Health service providers such as and clinics are easy targets for cyber terrorists," says Reinhardt Buys, head of cyber firm Buys Inc. "Hackers who amend medical records can cause significant loss and damage to both the healthcare provider and the patient - and patients could receive the wrong treatment and medication.

"A hospital being sued by a patient who had a leg wrongly amputated because his or her patient record was accessed and amended without authority, suddenly seems a real possibility," says Buys.

According to the proposed Bill, the National Department of Health and the provincial health departments will be responsible for maintaining, disseminating and providing adequate and comprehensive information on available health services to the public. Health establishments must retain and maintain the health records and confidentiality of all patients.

Patient information may only be released with the patient's written consent, a court order, or to "avoid a serious threat".

Failure by the responsible people in a health establishment to adhere to the Bill's provisions could result in a fine, or imprisonment of up to one year, or both.

Easy targets

Buys says hospitals and other healthcare providers have been recognised as easy targets for cyber attacks.

"A direct marketing organisation hacked into a London Hospital's records to gain access to patients' contact details - the patients subsequently received spam e-mails advertising products related to their illnesses," he says.

During the six-week period from August to mid-September, the Web sites of more than 107 hospitals, clinics and pharmacies were attacked and defaced by hackers worldwide. The list includes the Bantry Bay Pharmacy's Web site, which was defaced on 21 July by a hacker referred to as "7up", who was responsible for attacking a number of other SA Web sites.

"Healthcare providers may also suffer reputational harm resulting from a successful cyber attack," says Buys.

Healthcare providers also face more than 22 other pieces of legislation that force them to retain certain records for specified periods, he adds. The most common example of these laws is the Income Tax Act 58 of 1963, which requires the retention of more than 38 documents or agreements. However, some less commonly known pieces of legislation, such as the Wages Act 5 of 1957 and the Stamp Duties Act 77 of 1968, also impose stringent record retention duties and responsibilities.

"Before the widespread use of e-mail, records management was fairly easy - certain paper documents had to be filed in certain files. Archive personnel or library staff normally discharged these duties. However, newer Acts such as the ECT Act also have to be complied with," Buys says.
