As part of its role in providing primary oversight of the My Health Record system, the Office of the Australian Information Commissioner (OAIC) has informed the College that it intends to commence assessment of General Practices, starting this month.
The OAIC will conduct two separate but related privacy assessments:
The OAIC has powers under the Privacy Act 1988 to conduct privacy assessments to provide an independent and systematic appraisal of how well an agency or organisation (or discrete part of an agency/organisation) complies with all or part of its privacy obligations.
These requirements relate to the need for GP clinics that access the MHR system to have practices, procedures and systems in place for protecting personal information and to have a written access security policy in place. Further information about the requirements of Rule 42 and APPs 1.2 and 11.1 can be found in the OAIC’s Rule 42 guidance and the APP Guidelines.
More information about the conduct of privacy assessments and previous assessments reports are available on the OAIC privacy assessments page.
Should you have any questions or concerns, please email Andre Castaldi, Director, Assessments, OAIC at andre.castaldi@oaic.gov.au.
As part of its role in providing primary oversight of the My Health Record system, the Office of the Australian Information Commissioner (OAIC) has informed the College that it intends to commence assessment of General Practices, starting this month.
The OAIC will conduct two separate but related privacy assessments:
The OAIC has powers under the Privacy Act 1988 to conduct privacy assessments to provide an independent and systematic appraisal of how well an agency or organisation (or discrete part of an agency/organisation) complies with all or part of its privacy obligations.
These requirements relate to the need for GP clinics that access the MHR system to have practices, procedures and systems in place for protecting personal information and to have a written access security policy in place. Further information about the requirements of Rule 42 and APPs 1.2 and 11.1 can be found in the OAIC’s Rule 42 guidance and the APP Guidelines.
More information about the conduct of privacy assessments and previous assessments reports are available on the OAIC privacy assessments page.
Should you have any questions or concerns, please email Andre Castaldi, Director, Assessments, OAIC at andre.castaldi@oaic.gov.au.