Notifiable Data Breaches scheme is now the law
GPs should be aware that under the Privacy Act 1988 entities must meet certain requirements in responding to data breaches. This is a requirement for entities covered by the Notifiable Data Breaches (NDB) scheme, which includes private sector health service providers.
The Office of the Australian Information Commissioner (OAIC) has provided information, including an overview of the NDB scheme and a general framework to assist with preparing for and responding to data breaches. Entities have an obligation to notify the OAIC as well as individuals whose personal information is involved in a data breach that could result in serious harm. The NDB scheme applied from 22 February 2018.
To ensure you are aware of your obligations under the NDB scheme, read more on the OAIC website.