The federal health department breached the Privacy Act when it released data about one in 10 Australians and didn’t adequately protect their identities.
In August 2016 the department published data on a government website regarding a 10 per cent sample of people who had made a claim for payment of Medicare benefits since 1984.
It thought it had protected identities in the records, but a month later researchers at the University of Melbourne uncovered a weakness in the encryption method, allowing the potential for Medicare service providers to be identified.
They found there was a risk that some individuals could be identified by linking the dataset with other sources of information.
Read more on Nine.