Australian Government - Office of the Australian Information Commissioner - Home

PCEHR system mandatory data breach consultation information

September 2012

Submissions to this consultation closed on 25 September 2012.


In September 2012 the OAIC conducted a public consultation on a draft of A guide to mandatory data breach notification under the personally controlled electronic health record system (draft guide).

The Personally Controlled Electronic Health Records Act 2012 (PCEHR Act) provides the regulatory framework for the personally controlled electronic health (eHealth) record system.

The PCEHR Act establishes the Information Commissioner (the Commissioner) as the independent privacy regulator for the eHealth record system. The PCEHR Act gives the Commissioner the power to investigate alleged contraventions of the Act and pursue enforcement mechanisms that are appropriate in the circumstances of the case.

The OAIC has the role of receiving mandatory data breach notifications from particular entities and can seek a civil penalty if a data breach is not reported.

Purpose of consultation

The draft guide provides general guidance to help entities meet their mandatory data breach notification reporting obligations under the PCEHR Act. The guide also aims to assist entities to respond effectively to data breaches.

The OAIC sought comments on the draft guide from industry groups and individuals with a specific interest or expertise in the eHealth record system, or any other interested parties who may be affected by the guide.

To assist the public to consider the draft guide and prepare comments, the OAIC published a consultation paper (PDF). The draft guide is available in HTML and PDF format.

Submissions received

The following submissions on the draft guide are presented as received by the OAIC with redactions to remove personal information not relevant to the submission. If you have difficulty accessing a submission please contact us for an alternative version.

  1. Australian Information Security Association (docx, 75.92 KB)
  2. Australian Dental Association Inc. (pdf, 338.69 KB)
  3. Australian Physiotherapy Association (docx, 144.54 KB)
  4. Australian Privacy Foundation (pdf, 168.64 KB)
  5. Consumers Health Forum of Australia (docx, 348.93 KB)
  6. Health Care Consumers' Association of the ACT (pdf, 345.79 KB)
  7. Health Services Commissioner (Victoria) (pdf, 42.77 KB)
  8. Information and Privacy Commission (New South Wales) (doc, 482.5 KB)
  9. NEHTA — National E-Health Transition Authority (pdf, 401.97 KB)
  10. Professor Bill Lane, Faculty of Law and Jodie Siganto, PhD Student, Faculty of Law, Queensland University of Technology (docx, 41.34 KB)
  11. Royal Australian College of General Practitioners (pdf, 45.77 KB)
  12. AusCERT (pdf, 403.5 KB)
  13. Australian Private Hospitals Association (pdf, 212.6 KB)
  14. Royal College of Pathologists of Australasia (.html)
  15. Department of Health and Ageing (.html)
  16. Australian Association of Pathology Practices (.html)
  17. Australian Healthcare & Hospitals Association (pdf, 552.71 KB)