This research provides an analysis of the implementation of medical data privacy law in Australia, with emphasis on the Victorian Health Records Act 2001 (HRA). We examine the ability of health organisations to respond to the requirements of this legislation, and similar health privacy legislation elsewhere, and illustrate that this ability is affected by the quality of their patient data and the structure and security of their databases. This article suggests that compliance with the legislative provisions creates implications for information systems development and design, which large public and private hospitals have so far failed to consider or act upon.
Keywords: 2001; Health Records Act Vic; data privacy; data quality; health information management; information systems design.