Mandatory data breach notification requirements for medical practice

David J Carter and Samuel Hartridge
Med J Aust 2018; 209 (5): . || doi: 10.5694/mja17.00577
Published online: 25 June 2018

Mandatory notification laws bring stiff penalties for failures to meet requirements of the notification scheme

The Australian Government has introduced new mandatory disclosure rules, which came into force in February 2018, requiring most health and medical providers to notify patients or others affected when there is a serious data breach that results in unauthorised access to personal information.1 With fines of up to $420 000 for individuals and far higher fines for businesses that fail to report serious data breaches,1 the mismanagement of a breach by a medical practice will potentially be very serious.

  • 1 Law, Health, Justice Research Centre, University of Technology Sydney, Sydney, NSW
  • 2 University of New South Wales, Sydney, NSW


Competing interests:

Samuel Hartridge is an in-house counsel to ParaFlare, a cybersecurity company.

