My Health Record privacy complaints spiked in 2018–19


By Dylan Bushell-Embling
Thursday, 14 November, 2019



My Health Record privacy complaints spiked in 2018–19

The Office of the Australian Information Commissioner (OAIC) received a spike in privacy complaints and inquiries related to the My Health Record system ahead of the end of the opt-out period.

The national privacy regulator has revealed in its annual report on its activities in relation to digital health that it received 57 complaints and 145 enquiries about My Health Record in 2018–19.

Most of the complaints were received before the end of the opt-out period on 31 January. This compares to just 14 enquiries and 8 complaints filed in the previous financial year.

The OAIC attributed the increase in complaints and inquiries to “individuals becoming aware that a My Health Record would be created for them if they did not opt-out”.

The OAIC also revealed that 20 privacy complaints related to the system were open at the end of the reporting period. The office also received five complaints and 10 enquiries about the Healthcare Identifiers Service.

Meanwhile, the OAIC received 35 mandatory data breach notifications from the healthcare sector during the financial year, but one of these was withdrawn after being found not to be a breach.

The remaining 34 notifications recorded 37 separate breaches affecting 65 Australians, 40 of whom had a My Health Record at the time of the breaches.

Three of these breaches were from the My Health Record System Operator themselves, while the remaining 31 notifications covered breaches involving Medicare records.

The report also shows that the OAIC is conducting four ongoing assessments related to the My Health Record System, including one assessing whether the Australian Digital Health Agency is taking reasonable steps to protect personal information held in the system.

Each of the remaining assessments cover more than one entity and look at various components of the healthcare sector — private hospitals, pharmacies, and pathology and diagnostic imaging service providers respectively.

Image credit: ©stock.adobe.com/au/Nuthawut

Related Articles

LGPA calls for federal aid in tackling cyber threats

Local Government Professionals Australia has called on Canberra to adopt a five-point plan to...

Victorian hospitals infected by ransomware

A number of hospitals and health services in parts of Victoria have fallen victim to a ransomware...

Exploring the subtleties of data sharing

Frameworks for data sharing, as opposed to data release, need to be developed to preserve...


  • All content Copyright © 2019 Westwick-Farrow Pty Ltd