Imagine any one of these scenarios:<\/p>\n
Scenarios like this have triggered privacy and professional conduct complaints in Australia and overseas. As technology makes it easier to capture, use and share personal information, there is a greater public demand for that information to be protected. Privacy laws are changing to provide greater protection for individuals and stronger enforcement powers for regulators.<\/p>\n\t\t\t
You have always been required to protect patients’ personal information, because of your obligation of confidentiality and the protections in the privacy legislation. The Australian Privacy Principles (APPs) in the Commonwealth Privacy Act<\/em> set out the obligations for handling patient information, including how to protect it from the sorts of misuse listed in the scenarios above. \u00a0\u00a0<\/p>\n Recent changes to the law clarified that the reasonable steps required to protect patient information include taking technical and organisational measures. Technical measures include securing access to premises, encrypting data, using anti-virus software and having strong passwords. Organisational measures include implementing processes and procedures for managing patient information, and training staff about these. \u00a0\u00a0<\/p>\n\t\t\t The Office of the Australian Information Commissioner (OAIC) now has increased powers to issue infringement notices and penalties. \u00a0<\/p>\n The OAIC has advised its approach<\/a> is to encourage and support compliance and that it is more likely to act where there is a substantial risk of harm or where there are systemic harms or contraventions. However, be aware procedural errors such as mishandling access requests or failing to maintain a compliant privacy policy could lead to fines. In gynaecology and endoscopy, where images and sensitive data are routine, it is particularly important to ensure your policies and procedures are robust.<\/p>\n\t\t\t Since June this year, individuals can sue for damages for serious invasions of privacy. To pursue this new cause of action, the invasion of privacy must be serious, and either intentional or reckless. It applies to intrusions into someone’s physical privacy as well as misuse of private information. The person does not need to prove they experienced actual harm and the information disclosed does not have to be true.<\/p>\n There must also be a reasonable expectation of privacy in all the circumstances. This is intended to be flexible test to be determined by the circumstances and context of each case.<\/p>\n\t\t\t By 10 December 2026, your privacy policy must disclose if your practice uses automated decision-making that may significantly affect patients’ rights or interests. As technology advances, use of tools for endoscopy image analysis, surgical planning, or fertility-related decision support could fall within the scope of this requirement. Plan now to be clear with patients about if and how you use such tools, including the types of patient information used by the tools and the sorts of decisions being made.<\/p>\n\t\t\t All the opening scenarios could have significant consequences for you and your practice. The new privacy requirements provide a good opportunity to review and refresh your privacy practices and ensure compliance. New regulatory powers include being able to issue fines of up to $66,000 for non-compliance and up to $660,000 for interferences with an individual’s privacy. \u00a0<\/p>\n Privacy laws are changing to provide greater protection for individuals and stronger enforcement powers for regulators.<\/p>\n","protected":false},"author":1,"featured_media":72,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"site-sidebar-layout":"no-sidebar","site-content-layout":"","ast-site-content-layout":"full-width-container","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[1],"tags":[],"class_list":["post-216","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorised"],"acf":[],"_links":{"self":[{"href":"https:\/\/escope.ages.com.au\/october-2025\/wp-json\/wp\/v2\/posts\/216","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/escope.ages.com.au\/october-2025\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/escope.ages.com.au\/october-2025\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/escope.ages.com.au\/october-2025\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/escope.ages.com.au\/october-2025\/wp-json\/wp\/v2\/comments?post=216"}],"version-history":[{"count":6,"href":"https:\/\/escope.ages.com.au\/october-2025\/wp-json\/wp\/v2\/posts\/216\/revisions"}],"predecessor-version":[{"id":258,"href":"https:\/\/escope.ages.com.au\/october-2025\/wp-json\/wp\/v2\/posts\/216\/revisions\/258"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/escope.ages.com.au\/october-2025\/wp-json\/wp\/v2\/media\/72"}],"wp:attachment":[{"href":"https:\/\/escope.ages.com.au\/october-2025\/wp-json\/wp\/v2\/media?parent=216"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/escope.ages.com.au\/october-2025\/wp-json\/wp\/v2\/categories?post=216"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/escope.ages.com.au\/october-2025\/wp-json\/wp\/v2\/tags?post=216"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Increased enforcement powers<\/h3>\t\t\t\n\t\t\t\t
Serious invasions of privacy<\/h3>\t\t\t\n\t\t\t\t
Automated decision-making transparency <\/h3>\t\t\t\n\t\t\t\t
What this means for you<\/h3>\t\t\t\n\t\t\t\t
\n
Further reading<\/h3>\t\t\t\n\t\t\t\tAvant article: Why every practice needs a strong privacy policy<\/a>
\nAvant factsheet:\u00a0Privacy: the essentials<\/a>
\nAvant factsheet:\u00a0Clinical images – a snapshot of the issues\u00a0<\/a>
\nAvant article:\u00a0Get smart: clinical images and smartphones<\/a>
\nAvant flowchart:\u00a0Taking a clinical image<\/a>
\nAvant factsheet: Emailing patients: what to include in your policy<\/a>\n\n","protected":false},"excerpt":{"rendered":"