My Health Record privacy complaints spiked in 2018–19


By Dylan Bushell-Embling
Thursday, 14 November, 2019



My Health Record privacy complaints spiked in 2018–19

The Office of the Australian Information Commissioner (OAIC) received a spike in privacy complaints and inquiries related to the My Health Record system ahead of the end of the opt-out period.

The national privacy regulator has revealed in its annual report on its activities in relation to digital health that it received 57 complaints and 145 enquiries about My Health Record in 2018–19.

Most of the complaints were received before the end of the opt-out period on 31 January. This compares to just 14 enquiries and 8 complaints filed in the previous financial year.

The OAIC attributed the increase in complaints and inquiries to “individuals becoming aware that a My Health Record would be created for them if they did not opt-out”.

The OAIC also revealed that 20 privacy complaints related to the system were open at the end of the reporting period. The office also received five complaints and 10 enquiries about the Healthcare Identifiers Service.

Meanwhile, the OAIC received 35 mandatory data breach notifications from the healthcare sector during the financial year, but one of these was withdrawn after being found not to be a breach.

The remaining 34 notifications recorded 37 separate breaches affecting 65 Australians, 40 of whom had a My Health Record at the time of the breaches.

Three of these breaches were from the My Health Record System Operator themselves, while the remaining 31 notifications covered breaches involving Medicare records.

The report also shows that the OAIC is conducting four ongoing assessments related to the My Health Record System, including one assessing whether the Australian Digital Health Agency is taking reasonable steps to protect personal information held in the system.

Each of the remaining assessments cover more than one entity and look at various components of the healthcare sector — private hospitals, pharmacies, and pathology and diagnostic imaging service providers respectively.

Image credit: ©stock.adobe.com/au/Nuthawut

Related Articles

Security, data loss prevention top of list for US councils

New urgencies in cybersecurity and data loss prevention dominate US local and county government...

ACSC publishes cyber advice for critical infrastructure

Amid a spree of attempts by cybercrooks to compromise Australia's critical infrastructure,...

Govt sector second most targeted in Australia

Australia's government sector was the second most targeted industry sector by cyber attackers...


  • All content Copyright © 2020 Westwick-Farrow Pty Ltd