Skip to main content
Skip to secondary navigation
Australian Government - Office of the Australian Information Commissioner - Home

Department of Health and Ageing submission

From: Peter Trahair
Sent: Friday, 19 October 2012 3:35 PM
Subject: DBN guidelines

Thank you for an opportunity to consult on the draft Mandatory data breach notification in the eHealth record system, September 2012, which I refer to as the DBN guidelines.

The Department of Health and Ageing is generally of the view that the DBN guidelines are comprehensive and fit for purpose.

Our only critique is with respect to the terminology used in the DBN guidelines. We understand that, legally, differing terms may apply under the Personally Controlled Electronic Health Records Act 2012 (PCEHR Act) and the Privacy Act 1988 (Privacy Act) for the same person. However, for the purposes of readability, our preference is that the PCEHR Act terms prevail. For example, could the DBN guidelines refer to "registered consumer" throughout rather than "individual"? Furthermore, our preference is that the DBN guidelines are clearer as to whom is an entity. Despite legislative definitions, the DBN guidelines may really only be relevant in practice to entities who are the System Operator, a registered repository operator or a registered portal operator. Perhaps the DBN guidelines could simply refer to these persons?

If you have any queries, please contact me or [redacted].

Peter Trahair
Acting Director
Legislation Development
eHealth Strategy and Legislation Branch
eHealth Division
Department of Health and Ageing
Phone: [redacted]
Email: [redacted]