Lots, lots more here:
Update 29/1/2018. I have removed the last paragraph of the ZDNet quote as I have been told there are some errors in it by the OAIC. They are also correcting it with ZDNet.
They said: "In particular, both credit reporting bodies and private sector health service providers will be required to comply with the NDB scheme."
Thanks to them for letting me (and readers) know!