Richard Hosking wrote:
> The law with regard to privacy has no teeth - there is no serious
> penalty apart from possibly in common law which is very uncertain.

I am not sure about other States and Territories but that is not true in NSW. The NSW Health Records Information Privacy Act 2002 (see http://www.lawlink.nsw.gov.au/lawlink/privacynsw/ll_pnsw.nsf/pages/PNSW_03_hripact ) provides for penalties up to 2 years in gaol for public sector employees who unlawfully disclose personal health information (or who through negligence or omission allow that to happen). The definition of "unlawfully disclose" is complex but basically public sector health agencies and employees in NSW have to comply with the provisions of 4 statutory guidelines approved by the Privacy Commissioner - see the above URL.

Complaints against public sector agencies can be lodged directly with the Administrative Appeals Tribunal, after first raising them with the agency concerned - they do not need to go through the NSW Privacy Commissioner. The same Act also binds the private sector, but the Privacy Commissioner has to make a report against a private sector organisation which can then be enforced by the Tribunal, which can award damages and costs if necessary. None of the foregoing prevents civil legal action on the part of the individual(s) affected, of course, which is what I think you mean by common law action.

With respect to encryption of discharge summaries sent by email, both public and private sectors are bound by 15 health Privacy Principles, of which number 5 is most relevant:

"5. Secure – your health information must be stored securely, not kept any longer than necessary, and disposed of appropriately. It should be protected from unauthorised access, use or disclosure."

Failure by any health agency or health professional, in either the public or private sectors, to ensure that the above privacy principles are adhered to (except where the statutory guidelines provide exceptions, and they don't as far as I am aware with respect to principle 5 as quoted above) leaves them in breach of the Act.

It is not perfect, and not as strong as some would like, but better than nothing.

Tim C

> Horst Herb wrote:
>
>> On Monday 10 July 2006 10:48, Greg Twyford wrote:
>>
>>> Apart from the Privacy Commissioner's usual lack of regard for privacy
>>> issues [some personal experience re my own health data suggests that
>>> they are a total waste of space],
>>
>> I suppose the Privacy Commissioner can only act within the given
>> legal framework.
>> If the law is crap (and the so called privacy law certainly is, not
>> even worth the paper it was printed on), nothing he can really do.
>>
>> Horst
>> _______________________________________________
>> Gpcg_talk mailing list
>> [email protected]
>> http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk
