3 May 2018 - The Australian Information Commissioner has concluded an investigation into the re-identification of Medicare service provider data within the de-identified Medicare Benefits Schedule and Pharmaceutical Benefits Schedule data published by the Commonwealth Department of Health on data.gov.au in 2016. 

Background and further information about the data published can be found in a LegalTalk Alert which was distributed on 11 May 2017. In the investigation, the Commissioner found that the Department of Health failed to take reasonable steps to protect personal information and to implement practices, procedures and systems to ensure compliance with Australian privacy laws.

The Department of Health provided the Commissioner with an undertaking, which included a requirement to establish an external review and audit into departmental policies and procedures for the release of data based on personal information.

Read Lexology article