NSW OIC Sub - PCEHR Enforcement Guidelines

Mr John McMillan

Australian Information Commissioner

GPO Box 5218

SYDNEY NSW 2001

File ref:A12/0822

Dear Mr McMillan

Thank you for the opportunity to comment on the draft Enforcement Guidelines made under section 111 of the Personally Controlled Electronic Health Records Act 2012 (Cth) (PCEHR).

I note that the purpose of the Guidelines is to outline the enforcement powers of the Information Commissioner under the PCEHR Act, and how your office plans to exercise those powers. In my view, the Guidelines clearly set out the powers for dealing with complaints, conducting investigations and pursuing enforceable undertakings regarding alleged contraventions of the Act.

I also agree with the overall approach to compliance and enforcement set out in the Guidelines as reflecting good administrative practice. In particular, the general principles regarding enforcement articulated at 6.1-6.17 of the Guidelines should help participants in the PCEHR system understand the basis on which enforcement action will be undertaken.

As the Guidelines address the enforcement powers currently available to the Information Commissioner under the PCEHR Act and the Privacy Act 1988 (Cth), I have no further comment about the specific content of the Guidelines as this creates no issues of concern for New South Wales.

However, I am interested in the broader question of overlapping jurisdiction between the Commonwealth and New South Wales. Since the PCEHR Act provides for the concurrent operation of State legislation where possible, the Health Records and Information Privacy Act 2002 (NSW) (HRIPA) will apply to some aspects of the eHealth system. I understand that the issue about appropriate referral of complaints and investigations between jurisdictions, while peripheral to the Enforcement Guidelines, is the subject of separate discussion. I look forward to my office’s continuing participation in this dialogue.

Once again, I welcome the opportunity to have input into this important national initiative. Please do not hesitate to contact [redacted] in my office on [redacted] if you require clarification or any further information.

Yours sincerely

[signed]

Dr Elizabeth Coombs

Privacy Commissioner