Gone with the Wind – Ensuring medical record security
12 May 2016

Two recent reports in the media which caught my attention highlight the importance of ensuring the security of medical records.
1. Medical records of at least a dozen patients were found blowing around a local park. The records had reportedly been stolen from a local general practice which was relocating premises.
2. A patient was contacted by a stranger who informed him that he had found a copy of the patient’s hospital records on a street near the hospital. A hospital investigation revealed that the records had been copied by an intern as part of his end of term assessment, and inadvertently lost.
MDA National commonly hears about:
- theft or loss of computers, mobile phones and removable storage devices which contain medical records, especially where there is no password protection
- theft of medical records from a car, where the records were being used for home visits
- inadequate storage or disposal of paper-based records.
The Office of the Australian Information Commissioner (OAIC) has a range of enforcement powers for privacy breaches
Aside from the impact on patients, and the reputational damage for organisations, these types of privacy breaches can be investigated and prosecuted by the OAIC. Potential penalties include:
- payment of financial compensation, or an apology
- penalty orders of up to $340,000 for individuals and up to $1.7 million for companies.
There are government plans to introduce a mandatory data breach notification scheme
Although legislation has not yet been passed, the OAIC recommends that all medical practices and organisations have a response plan that includes notifying affected patients and the OAIC, especially if there is a risk of serious harm as a result of the data breach.
Four key steps to consider when responding to a breach:
- Contain the breach and do a preliminary assessment
- Evaluate the risks associated with the breach
- Notification
- Prevent future breaches.
This blog contains general information only. We recommend you contact your medical defence organisation or insurer when you require specific advice in relation to medico-legal matters.
A health practitioners guide to social media
What are the laws and guidelines that impact social media for practitioners?
22 Jul 2025
Patient Autonomy in Australian Medical care
Do we really support patient autonomy in the decision-making process?
22 Jul 2025
Practicalities of Medicare
Do you understand the Medicare system and are you confident that your billing processes comply with requirements?
22 Jul 2025
Understanding changes to the Fair Work Act
What are the changes to the Fair Work Act and what is my role?
22 Jul 2025