Private sector health service providers will be required to notify affected individuals and the Australian Information Commissioner of data breaches that are likely to cause serious harm under the Notifiable Data Breaches (NDB) scheme.

‘Health service providers’ refers to organisations, including small businesses, that provide a health service and hold people’s health information. This generally includes general practitioners (GPs), pharmacists, therapists, allied health professionals, gyms and weight loss clinics, and childcare centres among others.

Source: GPs, gyms, and childcare centres may have obligations under the Notifiable Data Breaches scheme — will your organisation?