What Is a Medical Privacy Breach?

What is a privacy breach and what do I need to do when a breach has been identified?

A breach is a loss of, unauthorised access to, or disclosure of, personal information.

In my experience, reception areas are open-plan spaces that tend to be the hub of activity in clinics. The area is typically a shared workspace that your nurses, doctors and administration personnel also need to access. The sharing of information between staff in this space exposes clinics to potential privacy breaches.

Areas of concern at reception include the following:

Phone calls (incoming and outgoing)

Staff, visitors and patients

Email communications

Incoming Faxes

Consultation Notes

X-ray and laboratory reports

Privacy is challenging in a busy, front-of-house reception. Your reception staff are key to ensuring privacy.

In my role, I am available to assist in reviewing your reception procedures and making recommendations to ensure your key staff have the necessary skills to achieve optimum patient privacy.

If a breach occurs, the following four steps are a guide to the action that needs to be taken to identify and manage the affected person's (or persons') personal information.

STEP 1 - Containment

Contain the breach

Appoint one person to oversee

Decide if a team is needed to investigate

If criminal activity is suspected, call the Police

Retain any relevant evidence

STEP 2 - Evaluation

Identify the information involved and the specific content details

Determine if the information needs to be secured or encrypted

Can the cause be identified?

Is it a systemic problem or an isolated incident?

What is the size of the breach?

Would the breach result in harm? (e.g. identity theft, financial loss, loss of dignity)

Who potentially has this information?

STEP 3 - Notification

Identify any risk or harm to the people affected

If law enforcement authorities are involved, check with them when to notify affected people

Directly notify individuals (phone, letter, email or in person)

Consider any third-party contractors or parties that should be informed.

Any serious breach must be reported to the Privacy Commissioner

STEP 4 - Protection

Audit both physical and technical security

Review policies and procedures

Review staff training

Review any service partners caught up in the breach.

Contact: Office of the Privacy Commissioner, 09 3028680


If you would like to discuss this further, book a meeting online; I welcome any queries and look forward to speaking with you.

Debbie Cripps

"Successful business is a result of interconnecting partnerships all working in synergy for a common goal. Our job is to ensure the efficiency and effectiveness of the strands that link it all together."

David Johnston
Think I.T. Team