In ACCC v HealthEngine Pty Ltd  FCA 1203, HealthEngine was fined $2.9 million for breaches of the ACL over manipulated patient reviews, as well as failing to gain the informed consent of patients for disclosure of non-clinical data.
In this case, the Federal Court held that the Department of Veterans’ Affairs did not breach the Information Privacy Principles in disclosing an individual’s personal information to their superior officer and ADF doctors.
On 25 May 2018, the European Union’s new data protection framework – the General Data Protection Regulation (‘GDPR’) – took effect. Despite some similarities with the Privacy Act, many APP entities will need to implement new processes to be GDPR-compliant.
The Health Records Act 2001 (Vic) and the Privacy and Data Protection Act 2014 (Vic) have been amended to provide exceptions in relation to the collection of particular health and personal information under the Family Violence Protection Act 2008 (Vic).
The Victorian Data Sharing Act 2017 (Vic) has introduced a new legal framework to facilitate the sharing of Victorian public sector data to improve policy-making whilst ensuring the privacy of the data.
The Victorian Civil and Administrative Tribunal found that the use of a person’s health information for the purpose of considering a request for clinical supervision and for the purpose of an intervention order proceeding did not interfere with the privacy of the applicant by breaching the Health Privacy Principles.