Hicksons Health Law Blog summarises a recently published decision of the Australian Information Commissioner: EZ and EY  AICmr 23. A complaint had been made as a doctor at a medical centre, on receiving a phone call from a police officer, said that it was possible that the patient was psychotic, but further assessment was needed. John Kell, writing about the decision made in favour of the patient, concluded:
By failing to take any steps to query the basis on which the police were seeking personal information about her patient, the doctor was found to have breached NPP 4.1, which requires an organisation to “take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure”. The Privacy Commissioner ordered that the doctor apologise to her patient in writing and pay $6,500 for the loss caused by the interference with his privacy.