Privacy Law Reforms

03 Dec 2013

by Allyson Alker

On 12 March 2014, changes under the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth), which amends the Privacy Act 1988 (Cth), come into effect. The existing 10 National Privacy Principles (NPPs) will be replaced by 13 Australian Privacy Principles (APPs), designed to protect the privacy and confidentiality of individuals in a fairer and more transparent manner.

The impact on medical practices

The changes are not expected to add major obligations on medical practices; however, the following issues should be considered: [1]

  • A medical practice must have a privacy policy clearly specifying what information will be collected, how it will be used, and a process for individuals wishing to complain about privacy breaches. This requirement is more prescriptive than the previous NPP requirements.
  • Where practicable, the privacy policy must be provided in the format requested by the individual, e.g. by email.
  • If a medical practice uses an overseas transcription service, it should ensure that the overseas recipient has the same or similar levels of privacy protection as specified under the APPs. Where the overseas recipient does not have the same level of protection, the practice must obtain the individual’s consent to transfer the information. Prior to this, the practice must inform the individual of what countries the information is going to and how to complain about a privacy breach in that country.
  • In limited circumstances, a medical practitioner is permitted to use or disclose information about a patient to lessen or prevent a serious threat to the life, health or safety of any individual or to public health or safety (note the word “imminent” has been removed in the APPs).

Who oversees compliance with the changes?

The Office of the Australian Information Commissioner (OAIC) is now responsible for overseeing compliance, and the Information Commissioner has significantly greater powers to encourage and enforce it. These powers include investigation and audit, making determinations and commencing legal proceedings. The Information Commissioner may also impose a fine on an organisation (up to $1.7 million) or individual (up to $340,000) for a breach of the legislative requirements. However, it is unlikely that a medical practice, doctor or their staff will be fined unless their conduct represents a serious and/or repeated breach.

What actions are recommended before March 2014?

It is recommended that medical practices audit existing policies and procedures to identify any areas of concern. The findings can be used to facilitate a revision of the practice’s privacy policy to ensure compliance with the APPs.

An ideal tool to assess existing policies and processes against the APPs is the OAIC’s Privacy Act reforms – Checklist for APP entities (agencies) available on the OAIC website.

What should a privacy policy cover? [2]

A privacy policy should cover:

  • the kind of information collected
  • how and for what purpose it is collected, held, and used
  • disclosure to any other persons or agencies, the identity of those agencies, what is disclosed and for what purpose/s
  • the process for an individual to access the information, for what purpose and why
  • where access by the individual is withheld, why, and how the individual is notified
  • consent process for the collection of information and situations where consent is not required
  • complaint process for individuals who wish to complain about a breach of privacy or confidentiality
  • whether information may be disclosed to overseas recipients and to what countries.

Although not required under privacy law, it is also recommended that the practice’s privacy policy addresses:

  • staff training and confidentiality agreements
  • policy review timeframes
  • processes for dealing with unauthorised access to individuals’ health information, including who must be notified in the event of a breach.

Allyson Alker, MDA National Risk Adviser

1. Office of the Australian Information Commissioner website at accessed on 27 Sept 2013.
2. Office of the Australian Information Commissioner. Australian Privacy Principles: Privacy Fact Sheet 17. Canberra: OAIC, 2013.
