Blogs

Privacy Breaches: Notify or Not Notify

29 Mar 2017

John Vijayaraj 110x137

by Mr John Vijayaraj

Folder being stamped CONFIDENTIAL

A hospital was recently criticised for failing to notify patients of privacy breaches. In 2015, a patient’s emergency assessment paperwork was discovered on the ground near Gosford Hospital. In the same year, a list of patients including their reasons for attending hospital was discovered on a walkway near the hospital.

On both the above occasions, patients were not notified of the privacy breach because the information was not deemed to put them at “serious risk of harm”.

New Mandatory Data Breach Obligations in February 2018

This criticism comes at a time when the Privacy Amendment (Notifiable Data Breaches) Act 2017  received Royal Assent on 22 February 2017 and will come into effect on 22 February 2018. Under the new scheme, an entity covered by the Privacy Act must take steps to notify the Information Commissioner and affected individuals if the entity:

  • has reasonable grounds to believe that an eligible data breach has happened; or
  • is directed to do so by the Commissioner.

An “eligible data breach" happens if:

  1. there is unauthorised access to, unauthorised disclosure of, or loss of, personal information held by an entity; and
  2. the access, disclosure or loss is likely to result in serious harm to any of the individuals to whom the information relates.

In preparation for the introduction of mandatory data breach notification, we recommend that all medical practices ensure they have a data breach response plan in place, including a nominated response team.

This blog contains general information only. We recommend you contact your medical defence organisation or insurer when you require specific advice in relation to medico-legal matters.

 

Library

Reportable Deaths and Coronial Matters

MDA National's Daniel Spencer (Case Manager - Solicitor) and Karen Lam (Medico-Legal Adviser) discuss when a person's death should be reported to the Coroner and what to do if the Coroner requests a statement or report.

Death Certificates

When a doctor can write a death certificate (where the death does not need to be reported to the Coroner), considerations when writing the death certificate and how to complete it accurately.

Communication in healthcare teams

Why good and effective communication is a vital part of delivering quality and safe patient care

Doctors, Let's Talk: Setting Boundaries At Work

A conversation with Nicola Campbell, Psychiatry Registrar, that explores the necessity of setting professional boundaries as a Junior Doctor.

Podcasts

07 Dec 2022