It’s been about a year since the Notifiable Data Breach scheme came into effect, legally obliging GP clinics to report unauthorised disclosures of patient information that created a significant risk of harm.

Initially there were fears the requirement would bury practices under a paperwork mountain.

But the latest report from the Office of the Australian Information Commissioner notes there were 163 breaches between February and December last year.

Given the number of health organisations in Australia, this means most escaped with no paperwork.