Media release: Compliance review report – Gold Coast Hospital and Health Service

Queensland’s Office of the Information Commissioner’s (OIC) compliance review report of the Gold Coast Hospital and Health Service (GCHHS) was tabled in Parliament on 14 February 2017.

This report details the results of our review of GCHHS’s compliance with the Right to Information Act 2009 (Qld) and the Information Privacy Act 2009 (Qld).

We identified areas of good practice and made six recommendations for improvement.

Acting Information Commissioner Jenny Mead said, “We found that GCHHS is committed to right to information and privacy and is overall meeting its legislative obligations well.”

“It is pleasing to see that that GCHHS is reassessing its information management and governance framework so it can respond to an increasing demand for the information it holds. The proposed Data Governance Committee, together with performance measures on proactive disclosure, will enable GCHHS to better manage its information and get assurance that it makes the greatest amount of information available to the community.”

Key findings

Gold Coast Hospital and Health Service:

  • encourages participation and two-way dialogue with the community through its Consumer Advisory Group, social media and other engagement platforms
  • provides in-house general awareness training on right to information (RTI) and information privacy (IP), but could incorporate this training into its mandatory suite of training for new staff
  • is establishing a Data Governance Steering Committee
  • has limited measures for monitoring the performance of right to information and information privacy at the strategic and executive level
  • is working on an Information communication and technology data asset control register to establish a single point of truth for its data holdings
  • complies with the requirements for a publication scheme and disclosure log, although some documents in the publication scheme were out of date
  • handles RTI and IP applications in accordance with the Acts in most aspects
  • has a published privacy plan detailing the types of information it collects, and how it holds, uses and discloses this information, but could improve its process for collecting sensitive information
  • has good documented processes and responsibilities in place for storing, accessing and releasing camera surveillance footage.

Read the full report here

Media contact: Steve Haigh, Manager Training and Stakeholder Relations
Phone: (07) 3405 1111