OAIC Releases 2024–25 Annual Report on Digital Health
The Office of the Australian Information Commissioner (OAIC) has released its Annual Report on Digital Health 2024–25, outlining regulatory and compliance activities under the My Health Records Act 2012 and the Healthcare Identifiers Act 2010.
The report highlights the OAIC’s oversight of Australia’s key digital health systems, the My Health Record and the Healthcare Identifiers Service, both of which contain highly sensitive personal information requiring strong privacy protections.
During 2024–25, the OAIC reported a significant decrease in digital health privacy complaints and data breaches, reflecting improved compliance and privacy awareness across the sector. Only three privacy complaints were received regarding the My Health Record system (down 80% from the previous year), and no complaints were received about the Healthcare Identifiers Service. Reported data breaches also declined by 54%.
The OAIC continued to advise agencies such as the Australian Digital Health Agency, Services Australia and the Department of Health, Disability and Ageing on privacy matters involving artificial intelligence, telehealth, and data use in research. It also updated its Guide to Health Privacy to help clinicians navigate the disclosure of genetic risk information responsibly.
Commissioners Elizabeth Tydd and Carly Kind emphasised the importance of privacy by design as digital innovation in healthcare continues to accelerate.