
OAIC seeks comment on PCEHR privacy, data breach investigations

Australians invited to agree or disagree with Information Commissioner’s proposed enforcement of the Personally Controlled Electronic Health Records System (PCEHR)

The Office of the Australian Information Commissioner (OAIC) is requesting feedback from the Australian public on its draft Enforcement Guidelines for the Personally Controlled Electronic Health Records System (PCEHR) Act.

To help Australians prepare comments, the OAIC has published a consultation paper (PDF) called eHealth record system OAIC Enforcement Guidelines on its website.

According to the draft Enforcement Guidelines, the OAIC has a range of enforcement powers following an investigation into alleged contraventions of the PCEHR Act, including the power to seek a civil penalty from the courts, to seek an injunction to prohibit or require particular conduct, and to accept enforceable undertakings.

“The OAIC also has a role in accepting data breach notifications from certain e-health records system participants,” read the Guidelines.

The OAIC’s intended approach to PCEHR Act enforcement activities includes:

  • Complaints will generally be accepted under the Privacy Act and investigated using the investigative powers and processes contained in Part V of the Privacy Act. The OAIC will attempt to facilitate conciliated outcomes between the parties and, where appropriate, will pursue enforcement mechanisms available under either the PCEHR Act or the Privacy Act.

  • OAIC own motion investigations will generally be conducted under the Privacy Act using the investigative powers and processes contained in Part V.

  • The Commissioner retains a discretion to investigate conduct using the investigative power in section 73(4) of the PCEHR Act where the Commissioner considers it appropriate. In such cases, the Commissioner will adopt an investigative process which, wherever possible, mirrors the investigative process contained in Part V of the Privacy Act.

The Guidelines include two questions for Australians as part of the consultation.

“Do you agree with the Commissioner’s proposed approach to eHealth record system enforcement?”

“Do the OAIC’s draft Enforcement Guidelines set out the Commissioner’s proposed approach in a clear manner which is informative for PCEHR system participants? If not, how can they be improved?” read the Guidelines.

Comments on the draft Guidelines must be made by Tuesday, 18 September 2012.

Australians can have their say by email to consultation@oaic.gov.au or by post to GPO Box 5218, Sydney NSW 2001.

Follow Hamish Barwick on Twitter: @HamishBarwick
