Skip to main content
Skip to secondary navigation
Australian Government - Office of the Australian Information Commissioner - Home

Consultation information: revised PCEHR (Information Commissioner Enforcement Powers) Guidelines

This consultation closed on 3 November 2015.


The Office of the Australian Information Commissioner (OAIC) is seeking public comment on a revised version of the PCEHR (Information Commissioner Enforcement Powers) Guidelines.

The guidelines explain the OAIC’s approach to enforcing alleged contraventions of the Personally Controlled Electronic Health Records Act 2012 (the PCEHR Act), including how the Information Commissioner will determine whether to use enforcement powers under the PCEHR Act or the Privacy Act. The guidelines are a legislative instrument made under s111 of the PCEHR Act.

The revised guidelines have been updated to reflect changes to the Privacy Act 1988 (Privacy Act), which took effect from March 2014. The guidelines have also been updated to ensure consistency with the OAIC’s recently published regulatory guidance: the Privacy regulatory action policy and the Guide to privacy regulatory action. The Guide to privacy regulatory action supports the revised PCEHR (Information Commissioner Enforcement Powers) Guidelines by setting out a detailed explanation of particular enforcement powers, and the procedural steps the OAIC will take in the exercise of those powers.

Back to Contents

Purpose of consultation

The OAIC has commenced a four week public consultation period in relation to the revised PCEHR (Information Commissioner Enforcement Powers) Guidelines.

The OAIC is seeking comment from interested stakeholders on whether the revised guidelines clearly outline the OAIC’s approach to exercising its enforcement powers in matters relating to the eHealth system.

Back to Contents

Summary of changes to guidelines

The main changes to the guidelines are:

  • Content has been added to reflect the new powers conferred on the Information Commissioner by the 2014 Privacy Act reforms – this includes the power under the Privacy Act to accept enforceable undertakings (Part 9), to make a determination following a Commissioner initiated investigation (Part 10), and to seek a civil penalty for serious or repeated interference with privacy (Part 14). A new Part addressing Privacy Act injunctions has also been added (Part 12).

  • The order in which enforcement powers are addressed throughout the Guidelines has been amended. The powers now run from less serious to more serious, which reflects the escalation model on which the powers are based.

  • Part 6 (general principles) has now been separated into Parts 6 and 7 – Part 6 deals with general principles of investigations, while Part 7 deals with general principles of enforcement action. Additional changes have been made to ensure these Parts are consistent with the OAIC’s Privacy Act regulatory guidance.

  • The headings ‘policy considerations’ and ‘discretionary factors’ in 6.2-6.3 have been combined into a new clause 7, and some of the factors have been updated to reflect the OAIC’s Privacy Act regulatory guidance.

Back to Contents

How to make comments

The OAIC invites your comments on the revised guidelines.

The closing date for comment is Tuesday, 3 November 2015.

Submissions can be made to or GPO Box 5218 Sydney NSW 2001.

While submissions may be lodged electronically or by post, electronic lodgement is preferred. It would also be appreciated if your submission could be provided to us in a web accessible format or, alternatively, in a format that would allow the OAIC to easily convert to HTML code eg: Rich Text Format (.rtf) or Microsoft Word (.doc).

Note: Submissions will be published on the OAIC website. If you would like your submission to be confidential please advise us. However please note that confidential submissions may still be accessible under the Freedom of Information Act 1982.

Back to Contents

Privacy collection statement

The OAIC will use the personal information it collects in the course of this consultation only for the purpose of considering and dealing with submissions.

Back to Contents


  1. pdfNSW Privacy Commissioner255.55 KB
  2. pdfNational E-Health Transition Authority (nehta)92.81 KB
  3. pdfThe Royal Australian College of General Practitioners (RACGP)145.05 KB
  4. pdfAttorney-General's Department (AGD)62.11 KB
  5. pdfJukka S. Rannila155.03 KB
  6. pdfAustralian Privacy Foundation (APF)127.08 KB
  7. pdfAustralian Federation of AIDS Organisations (AFAO)447.79 KB
  8. pdfNSW Information Commissioner904.25 KB
  9. pdfThe Royal Australian & New Zealand College of Psychiatrists (RANZCP)875.77 KB

Back to Contents