Privacy update: in for a penny, in for a pound — a warning for health service providers

The Australian Privacy Commissioner has found that a suburban Melbourne medical practice has breached the Privacy Act 1988 (Cth) by failing to take reasonable steps to secure personal information in its possession.

While the breach occurred during the time that the National Privacy Principles (NPPs) were still in force and the privacy commissioner was concerned with breaches under that regime, the investigation report makes it clear that it is imperative that providers of health services (medical practices, dental surgeries, physiotherapists and so on) ensure that their document management and privacy practices are compliant with the Privacy Act and the Australian Privacy Principles (APPs).

The Pound Road Medical Centre (PRMC) moved premises in 2011 and believed that all paper-based medical records had been transferred to its new premises. However, when a shed at the old premises was broken into in November 2013, the medical records of 960 patients were discovered. In addition the shed (which was only locked with padlocks) contained records of payments to medical practitioners, staff and other third parties such as WorkCover and the Victorian Transport Accident Commission. The voluminous number of records contained both personal information and sensitive information. The privacy commissioner found that the information was compromised by the break-in…

Click on the link below to read the rest of the DLA Piper briefing.

Briefings from DLA Piper

View more briefings from DLA Piper

Analysis from The Lawyer

View more analysis from The Lawyer


3 Noble Street

Turnover (£m): 1,539.00
No. of lawyers: 4,374(UK 200)
Jurisdiction: Global
No. of offices: Over 75
No. of qualified lawyers: 625 (International 50)