Data Breach

Organisations covered by the Privacy Act have obligations under the Act to take reasonable steps to protect the personal information they hold from misuse, interference and loss, and from unauthorised access, modification or disclosure.

Theodore Medical adheres to the 14 Australian Privacy Principles to ensure that your health information is only used for your ongoing health care either with us or when referred for speciality health services including pathology and radiology.

Theodore Medical recognises that prevention of data breaches is much better than dealing with them after the fact.

Rest assured, Theodore Medical has a data breach response plan that is ‘at the ready’ in the unlikely event of a data breach. The purpose of the plan is to ensure that quick action can be taken once a data breach is discovered: to contain, report and advise, and to prevent such an event from happening again.

What is a data breach?

Type of Data Breach: Unauthorised access of personal information
Explanation: Where the information is accessed by someone who is not permitted to have access, including employees, contractors and external third parties.

Type of Data Breach: Unauthorised disclosure of personal information
Explanation: Where the information becomes visible to external third parties in a way that is not permitted under the Privacy Act.

Type of Data Breach: Loss of personal information
Explanation: Where the information is lost and that loss may result in unauthorised access or disclosure.