Details of thousands of health supervisors exposed by an AHPRA privacy breach

Never a great look when a regulator has to dob itself into its own ombudsman.
But that’s where the Australian Health Practitioner Regulation Agency finds itself amid the latest twist in the botched implementation of its new registration system – a data breach.
AHPRA regulates about 920,000 health practitioners. Want to be a nurse, doctor, pharmacist or psychologist? You’ve got to register through AHPRA.
Want to complain about a registered health professional? Do it through AHPRA.
While it’s been a relatively low-key issue outside of the profession, the regulator has made few friends in the health industry this year through a botched rollout of a new registration system in March which gave 500,0000 doctors and nurses just two months to work out how to navigate the new system before their re-registrations were due.
Suffice to say it didn’t go well. Plenty came a cropper on the new two-factor authentication system; they were unable to reset passwords or get the verification emails needed to update their details. People without access to a smartphone or quick broadband and wireless also had problems.
AHPRA’s help lines were flooded with calls from outraged doctors and nurses – or calls from outraged nurses and long-suffering admin assistants at doctors’ offices, at any rate.
Formal complaints to AHPRA about registration issues quadrupled to more than 1050, according to the regulator’s latest annual report.
In November came the turn of a new batch of health professionals – dentists, paramedics, pharmacists, psychologists, physios, podiatrists (and all the rest of the professions beginning with p, we’re guessing).
Slightly smoother this time, we’re told, for most at least.
Except ….
This week AHPRA was forced to send out a new whoopsie to some of the health practitioners advising them of a “privacy breach”.
Specifically, those who supervise other people registered with AHPRA, who had their phone numbers and work emails exposed when the people they supervise were doing their own registration, according to an email sent out by the regulator this week.
More than 3100 of them, in fact, the regulator admitted to Margin Call.
A relatively minor issue for most, to be fair. You’d assume a psychologist supervising a graduate in training has probably already handed out their contact details.
But in a larger organisation that’s nominated a senior manager as the supervisory point for a larger group of stressed and overworked junior staff? What could possibly go wrong?
Good news, though. AHPRA has written to the people who saw the private information, asking them to delete it if they haven’t done so already. That always works.
And apologised, which always helps.
And fixed the system so it doesn’t happen again. Although the number of times Optus has said that sort of thing this year might be diminishing the credibility of the line somewhat.
AHPRA has also dobbed itself into the National Health Practitioner Ombudsman (NHPO) – which last year had to deal with a flood of new complaints about AHPRA’s botched registration system, according to its own annual report – over the mistake, as well as to the Privacy Commissioner.
NHPO’s annual report also revealed it was handling a potentially far more serious data breach from either AHPRA or one of the 15 professional boards it oversees.
One of them has somehow managed to hand over the identity of a patient – who has complained about a health professional – to the practitioner they’ve complained about. Very naughty.