If you work in the healthcare industry, you have a huge responsibility when it comes to managing sensitive patient information. Whether you’re a big software vendor or a single physiotherapist, everyone needs to follow the same rules, and there are some pretty serious consequences for not doing it properly. Do you know what your obligations are and whether you’re doing a good job? Check this episode out to find out!
Who is Anna Johnston
Anna Johnston is one of Australia’s most respected experts in privacy law and practice.
She has qualifications in law, public policy and management, and 26 years’ experience in legal, policy and research roles. Anna has a breadth of perspectives and a wealth of experience in dealing with privacy and data governance issues.
She is the former Deputy Privacy Commissioner for NSW, so she knows the regulator’s perspective, and since 2004 she has been the Director of consulting firm “Salinger Privacy”.
Anna has been called upon to provide expert testimony before various Parliamentary inquiries and the Productivity Commission, spoken at numerous conferences, and is regularly asked to comment on privacy issues in the media.
Anna holds a first-class honours degree in Law, a Masters of Public Policy with honours, a Graduate Certificate in Management, a Graduate Diploma of Legal Practice, and a Bachelor of Arts, plus a number of other relevant and well-regarded certificates and industry associations.
In this Episode you’ll learn
2:08 - About Salinger Privacy
4:55 - Privacy Concerns in Data (with a focus on health tech)
8:15 - All about privacy reviews, data flows, data governance, and privacy design
14:28 - AI - How does it fit ethically and legally, and is policy keeping up with innovation
16:40 - AI - GDPR, challenges for AI with diagnostic decisions
20:10 - AI - Transparency, Accountability and Consent
26:00 - Legal Obligations with Data Privacy
Key Takeaways
When it comes to privacy law in Australia, the same laws and consequences apply to everyone dealing with healthcare information, whether they are a big institution or a single doctor.
While data privacy breaches do happen, they are often the result of a lack of education, or occur with the best intentions in mind, rather than because of malicious intent.
Often AI is trained on data that was not collected with the intention of training the machine, so the concept of informed consent is a tricky one.
The simple “tick this box to agree” actually isn’t enough, and more emphasis needs to be put on communicating clearly with the person whose data is being collected.
Expectations around patient data privacy hold the health and medical industries to the highest levels of scrutiny, meaning that breaches are to be reported to the Privacy Commissioner’s office and to the patients whose privacy has been breached.
Links
Anna Johnston Twitter - @SalingerPrivacy
Anna Johnston LinkedIn - https://www.linkedin.com/in/anna-johnston-ba188410a/
Notifiable Data Breaches Scheme - https://www.oaic.gov.au/ndb
GDPR - https://www.oaic.gov.au/privacy/guidance-and-advice/australian-entities-and-the-eu-general-data-protection-regulation/
MSIA - https://msia.com.au/
Salinger Privacy - https://www.salingerprivacy.com.au/
My Health Record (Formerly PCEHR) - https://www.myhealthrecord.gov.au/
NDIS - https://www.ndis.gov.au/
National Health and Medical Research Council - https://www.nhmrc.gov.au/
Transcript
[00:00:00] Pete: With me today is Anna Johnston. Anna is one of Australia's most respected experts in Privacy Law and practice.
She has qualifications in law, public policy and management and 26 years' experience in legal, policy and research roles. Anna has a breadth of perspectives and a wealth of experience in dealing with privacy and data governance issues. She's the former deputy privacy commissioner for New South Wales. So she really knows regulatory perspective well, and since 2004 is the director for consulting firm Salinger Privacy. Anna holds a first-class honours