An error in the regulator’s new online portal saw contact details for around 3000 nominated supervisors shared with their supervisees.
The Australian Health Practitioner Regulation Authority has copped to a privacy breach which affected more than 3147 health practitioner employers and supervisors.
As far as privacy breaches go, it appears to be relatively minor, in that the only data which was affected were email addresses and phone numbers – and the data were only leaked to a subset of other health practitioners.
When practitioners were renewing their registration using AHPRA’s new online portal this year, those who were required to name a supervisor or approved employer may have seen contact details for that supervisor or approved employer.
These details would have disappeared from view after the practitioner renewing their registration confirmed the supervision or employment arrangements were correct.
AHPRA followed procedure and reported the likely breach of privacy to the National Health Practitioner Ombudsman and Privacy Commissioner and informed individuals whose contact data was leaked.
It also contacted the practitioners to whom the data was exposed to “ensure they have not copied, stored or shared that information”.
The regulator has also amended its portal system so that the contact details of nominated supervisors and employers are not displayed.
“We take our privacy obligations seriously and accept that any breaches can erode confidence in us and the measures we have in place to protect information,” a spokesperson for AHPRA told The Medical Republic.
“We sincerely apologise for the error. We have notified those affected and, as is required, the National Health Practitioner Ombudsman and Privacy Commissioner.”
For its part, the office of the National Health Practitioner Ombudsman and Privacy Commissioner savaged the rollout of AHPRA’s new online registration portal in its annual report for 2025.
Related
The portal itself was launched in March 2025, just two months before the registration renewal date for nurses and midwives, Australia’s largest group of registered health practitioners.
In May 2025 alone, the NHPO recorded 141 complaints; a 250% increase on May 2024.
Practitioners reported technical problems, accessibility barriers, privacy concerns and time-related pressures.
Some practitioners were unable to reset passwords or receive emails to verify an email address, while others did not have access to a smartphone for multifactor authentication.
In relation to the privacy breach, National Health Practitioner Privacy Commissioner Richelle McCausland acknowledged that her office had received notification.
“We are following our usual processes to ensure compliance with the Notifiable Data Breaches Scheme (the Scheme). You can read more about the Scheme and our role on our website,” she told TMR.
“Individuals who are concerned about an interference with their privacy can make a written complaint to our office. We encourage individuals to first make a complaint directly to Ahpra for a response if possible.”
