Issue link: https://viewer.e-digitaleditions.com/i/319176
persons handling information under the PCEHR Act are governed by the Privacy Act. Unauthorised collection, use or disclosure of eHealth record information is considered an interference with privacy under the Privacy Act.

What action must be taken?

A proactive approach must be taken by all health service providers given the enhanced enforcement mechanisms and the introduction of a civil penalty regime for breaches contained in the Privacy Act. The maximum penalties for noncompliance are significant, ranging from $340,000 for an individual to $1,700,000 for a body corporate.

Health service providers must:

• review and update practices, procedures and systems for the collection, handling and disclosure of personal information to ensure compliance with the new APPs (including complaints and inquiries regarding privacy). Businesses may need to provide education and training for existing staff.
• review information security systems.
• consider whether personal information is being sent overseas through outsourcing or a cloud computing service and ensure its privacy policy deals with this in accordance with the APPs.
• review any existing privacy policy to ensure compliance with the new APPs and alignment with current practices, procedures and systems for the collection, handling and disclosure of personal information. Ensure the privacy policy is easily available/accessible.
• consider terms of trade and the impact of credit reporting provisions.

The implications of these changes for business are not yet fully appreciated. Take action to ensure compliance before it's too late!

Heather Beckingsale (LLB (Hons) BSc) is a Principal of Woods Prince Lawyers in Brisbane. She has worked in commercial law and its associated areas of corporate and property law for more than 10 years. Given her experience in a wide range of commercial matters, Heather is able to provide a holistic approach to her clients' commercial and personal situations.
Heather is a Queensland Law Society Accredited Specialist in Business Law.

Healthcare • Issue 4

