Privacy Breaches: Notify or Not Notify

28 Mar 2017

John Vijayaraj 110x137

by Mr John Vijayaraj

Folder being stamped CONFIDENTIAL

A hospital was recently criticised for failing to notify patients of privacy breaches. In 2015, a patient’s emergency assessment paperwork was discovered on the ground near Gosford Hospital. In the same year, a list of patients including their reasons for attending hospital was discovered on a walkway near the hospital.

On both the above occasions, patients were not notified of the privacy breach because the information was not deemed to put them at “serious risk of harm”.

New Mandatory Data Breach Obligations in February 2018

This criticism comes at a time when the Privacy Amendment (Notifiable Data Breaches) Act 2017  received Royal Assent on 22 February 2017 and will come into effect on 22 February 2018. Under the new scheme, an entity covered by the Privacy Act must take steps to notify the Information Commissioner and affected individuals if the entity:

  • has reasonable grounds to believe that an eligible data breach has happened; or
  • is directed to do so by the Commissioner.

An “eligible data breach" happens if:

  1. there is unauthorised access to, unauthorised disclosure of, or loss of, personal information held by an entity; and
  2. the access, disclosure or loss is likely to result in serious harm to any of the individuals to whom the information relates.

In preparation for the introduction of mandatory data breach notification, we recommend that all medical practices ensure they have a data breach response plan in place, including a nominated response team.

This blog contains general information only. We recommend you contact your medical defence organisation or insurer when you require specific advice in relation to medico-legal matters.



How to Respond to a Complaint

Even a complaint that may seem trivial is important to the patient. MDA national Medico-legal Adviser and practicing GP, Dr Jane Deacon, discusses how to respond to a complaint.


11 Apr 2019

Top Tips and Medico-legal Mistakes Part 1

MDA National Executive Professional Services Manager and GP, Dr Sara Bird, explains how to be better prepared and avoid common medico-legal mistakes.


11 Apr 2019