Australian Government - Office of the Australian Information Commissioner

Data breach requirements in the My Health Record system

My Health Record mandatory data breach requirements and how to respond.

Transcript

My Health Record can make your job as a healthcare provider easier, by making access to information about your patients and clients simpler.

But to protect your patients’ privacy, it’s vital that you understand how to prevent any breach of My Health Record data.

First, understand what a breach is.

A data breach occurs when someone has collected, used or disclosed information without authorisation. Or, something has happened to compromise the security or integrity of the My Health Record system.

Second, reduce the chance of a breach occurring: establish best practice privacy management.

Part of good privacy practice means preparing now for when things go wrong, by having a data breach response plan.

This is like first aid training for data — so you can act quickly, and limit the damage.

All private healthcare providers are also required to comply with the Privacy Act, and must take reasonable steps to protect personal information from misuse, unauthorised access, or disclosure.

Third, know what steps you must take if a breach occurs or is suspected.

If you know or suspect a My Health Record data breach has occurred you must take certain steps.

  1. Contain the breach
  2. Evaluate any risks associated with the breach
  3. Notify the System Operator and/or the Privacy Commissioner’s Office of the breach
  4. Take steps to prevent/mitigate further breaches.

Please visit our website for further information on these steps and to access My Health Record resources.
