Information Commissioner polls on e-health privacy enforcement

The Information Commissioner has set out guidelines on how it will deal with organisations that breach the Privacy and PCEHR Acts, and is asking the public whether they are appropriate.

The Office of the Australian Information Commissioner (OAIC) is reaching out to the public for feedback on how it should enforce privacy regulation related to personally controlled electronic health records (PCEHR).

It has released a consultation paper, which is to be read in conjunction with a set of Enforcement Guidelines (PDF) that it has drafted.

The guidelines outline the Information Commissioner's enforcement and investigative powers under the PCEHR and Privacy Acts, and specify when it is appropriate for them to be used and when the OAIC should get involved.

The guidelines also outline the penalties, enforceable undertakings and injunctions that the Information Commissioner is able to apply to an organisation that breaches the PCEHR and/or Privacy Acts, and provide guidance on when they should be used.

The OAIC is now asking the public whether its draft guidelines are acceptable, and whether they are set out clearly enough for those who are subject to the two Acts.

Submissions will be accepted until 18 September 2012.

The OAIC has also stated that it will seek public comments on its mandatory data breach notification guide for the PCEHR system. This guide is expected to be made available soon.