
Data breach with your patient records? Are you fulfilling your new legal obligations?

The Business of Health

Since 22 February, under the Notifiable Data Breaches scheme in Australia, reporting of data breaches has become mandatory for individuals and businesses, including health service providers.

Where a data breach is likely to result in serious harm, it must be reported to the Office of the Australian Information Commissioner (OAIC) and to any affected individuals.

Although entities were encouraged to report data breaches under the Privacy Act 1988, they were not obliged to do so; the passing of the Notifiable Data Breaches scheme into law changed that.

Now that it is law, entities must notify the Australian Information Commissioner and the individuals whose personal information is involved in a data breach that is likely to result in serious harm. To determine this, agencies and organisations must be ready to assess a suspected data breach and decide whether it is eligible for notification. The notification itself should set out recommendations and the steps to take in response to the breach.

The Notifiable Data Breach statement form is available online. The Office of the Australian Information Commissioner has produced a one-page flow chart outlining how to assess whether a data breach is likely to result in serious harm, and what remedial action to take.
