Gone with the Wind – Ensuring medical record security

12 May 2016

by Dr Sara Bird

Two recent reports in the media which caught my attention highlight the importance of ensuring the security of medical records. 

1. Medical records of at least a dozen patients were found blowing around a local park. The records had reportedly been stolen from a local general practice which was relocating premises.

2. A patient was contacted by a stranger who informed him that he had found a copy of the patient’s hospital records on a street near the hospital. A hospital investigation revealed that the records had been copied by an intern as part of his end of term assessment, and inadvertently lost.

MDA National commonly hears about:

  • theft or loss of computers, mobile phones and removable storage devices which contain medical records, especially where there is no password protection
  • theft of medical records from a car, where the records were being used for home visits
  • inadequate storage or disposal of paper-based records.

The Office of the Australian Information Commissioner (OAIC) has a range of enforcement powers for privacy breaches

Aside from the impact on patients, and the reputational damage for organisations, these types of privacy breaches can be investigated and prosecuted by the OAIC. Potential penalties include:

  • payment of financial compensation, or an apology
  • penalty orders of up to $340,000 for individuals and up to $1.7 million for companies.

There are government plans to introduce a mandatory data breach notification scheme

Although legislation has not yet been passed, the OAIC recommends that all medical practices and organisations have a response plan that includes notifying affected patients and the OAIC, especially if there is a risk of serious harm as a result of the data breach.

Four key steps to consider when responding to a breach:

  1. Contain the breach and do a preliminary assessment
  2. Evaluate the risks associated with the breach
  3. Notification
  4. Prevent future breaches.


This blog contains general information only. We recommend you contact your medical defence organisation or insurer when you require specific advice in relation to medico-legal matters.


