11 Oct 2017

My Health Record can make your job as a healthcare provider easier, by making access to information about your patients and clients simpler.

But to protect your patients’ privacy, it’s vital that you understand how to prevent any breach of My Health Record data.

First, understand what a breach is.

A data breach occurs when someone has collected, used or disclosed information without authorisation. Or, something has happened to compromise the security or integrity of the My Health Record system.

Second, reduce the chance of a breach occurring: establish best practice privacy management.

Part of good privacy practice means preparing now for when things go wrong, by having a data breach response plan.

This is like first aid training for data — so you can act quickly, and limit the damage.

All private healthcare providers are also required to comply with the Privacy Act, and must take reasonable steps to protect personal information from misuse, unauthorised access, or disclosure.

Third, know what steps you must take if a breach occurs or is suspected.

If you know or suspect a My Health Record data breach has occurred you must take certain steps.

  1. Contain the breach
  2. Evaluate any risks associated with the breach
  3. Notify the System Operator and/or the Privacy Commissioner’s Office of the breach
  4. Take steps to prevent/mitigate further breaches.

Please visit our website for further information on these steps and to access My Health Record resources.

OAIC logo
Contact us 1300 363 992

Monday to Thursday 10 am to 4 pm (AEST/AEDT)

Acknowledgement of Country

The OAIC acknowledges Traditional Custodians of Country across Australia and their continuing connection to land, waters and communities. We pay our respect to First Nations people, cultures and Elders past and present.

© Commonwealth of Australia