New e-health record privacy penalties may be broadened

The personally controlled electronic health record (PCEHR) will be subject to Australia’s first mandatory privacy reporting laws after the Office of the Australian Information Commissioner (OAIC) released draft guidelines that carry fines of up to $55,000 for failure to notify.

Last week, Attorney General Nicola Roxon’s office confirmed that while the PCEHR would be the only area without “voluntary” reporting laws, “the government… is considering whether to introduce a mandatory data breach notification requirement more broadly