Privacy Breaches: Notify or Not Notify
29 Mar 2017

A hospital was recently criticised for failing to notify patients of privacy breaches. In 2015, a patient’s emergency assessment paperwork was discovered on the ground near Gosford Hospital. In the same year, a list of patients including their reasons for attending hospital was discovered on a walkway near the hospital.
On both the above occasions, patients were not notified of the privacy breach because the information was not deemed to put them at “serious risk of harm”.
New Mandatory Data Breach Obligations in February 2018
This criticism comes at a time when the Privacy Amendment (Notifiable Data Breaches) Act 2017 received Royal Assent on 22 February 2017 and will come into effect on 22 February 2018. Under the new scheme, an entity covered by the Privacy Act must take steps to notify the Information Commissioner and affected individuals if the entity:
- has reasonable grounds to believe that an eligible data breach has happened; or
- is directed to do so by the Commissioner.
An “eligible data breach" happens if:
- there is unauthorised access to, unauthorised disclosure of, or loss of, personal information held by an entity; and
- the access, disclosure or loss is likely to result in serious harm to any of the individuals to whom the information relates.
In preparation for the introduction of mandatory data breach notification, we recommend that all medical practices ensure they have a data breach response plan in place, including a nominated response team.
This blog contains general information only. We recommend you contact your medical defence organisation or insurer when you require specific advice in relation to medico-legal matters.
Reportable Deaths and Coronial Matters
MDA National's Daniel Spencer (Case Manager - Solicitor) and Karen Lam (Medico-Legal Adviser) discuss when a person's death should be reported to the Coroner and what to do if the Coroner requests a statement or report.
15 May 2025
Death Certificates
When a doctor can write a death certificate (where the death does not need to be reported to the Coroner), considerations when writing the death certificate and how to complete it accurately.
15 May 2025
Communication in healthcare teams
Why good and effective communication is a vital part of delivering quality and safe patient care
15 May 2025

Doctors, Let's Talk: Setting Boundaries At Work
A conversation with Nicola Campbell, Psychiatry Registrar, that explores the necessity of setting professional boundaries as a Junior Doctor.
07 Dec 2022