Privacy Breaches: Notify or Not Notify
29 Mar 2017

A hospital was recently criticised for failing to notify patients of privacy breaches. In 2015, a patient’s emergency assessment paperwork was discovered on the ground near Gosford Hospital. In the same year, a list of patients including their reasons for attending hospital was discovered on a walkway near the hospital.
On both the above occasions, patients were not notified of the privacy breach because the information was not deemed to put them at “serious risk of harm”.
New Mandatory Data Breach Obligations in February 2018
This criticism comes at a time when the Privacy Amendment (Notifiable Data Breaches) Act 2017 received Royal Assent on 22 February 2017 and will come into effect on 22 February 2018. Under the new scheme, an entity covered by the Privacy Act must take steps to notify the Information Commissioner and affected individuals if the entity:
- has reasonable grounds to believe that an eligible data breach has happened; or
- is directed to do so by the Commissioner.
An “eligible data breach" happens if:
- there is unauthorised access to, unauthorised disclosure of, or loss of, personal information held by an entity; and
- the access, disclosure or loss is likely to result in serious harm to any of the individuals to whom the information relates.
In preparation for the introduction of mandatory data breach notification, we recommend that all medical practices ensure they have a data breach response plan in place, including a nominated response team.
This blog contains general information only. We recommend you contact your medical defence organisation or insurer when you require specific advice in relation to medico-legal matters.
A health practitioners guide to social media
What are the laws and guidelines that impact social media for practitioners?
22 Jul 2025
Patient Autonomy in Australian Medical care
Do we really support patient autonomy in the decision-making process?
22 Jul 2025
Practicalities of Medicare
Do you understand the Medicare system and are you confident that your billing processes comply with requirements?
22 Jul 2025
Understanding changes to the Fair Work Act
What are the changes to the Fair Work Act and what is my role?
22 Jul 2025