Details of mandatory data breach notifications relating to the My Health Record system
Mandatory data breach notifications received during the reporting period
- Eleven notifications resulted from findings under the Medicare compliance program that certain Medicare claims in the name of a healthcare recipient but not made by that healthcare recipient were uploaded to their My Health Record. These notifications totalled 92 breaches, each of which affected a separate healthcare recipient. Seven of these data breach notifications have been closed, totalling 67 breaches, and the review of the other four notifications, totalling 25 breaches, was ongoing as at 31 December 2016.
- A further seven notifications, affecting fourteen healthcare recipients, eight with a My Health Record and six without, relate to healthcare recipients with similar demographic information having their Medicare records intertwined. As a result, Medicare claims belonging to another healthcare recipient were made available in the My Health Record of the record owner. Review of these notifications was ongoing as at 31 December 2016.