Health information and the Privacy Act
Health information is regarded as one of the most sensitive types of personal information. For this reason, the Privacy Act 1988 (Privacy Act) provides extra protections around its handling. For example, an organisation generally needs an individual’s consent before it can collect that individual’s health information.
In addition, all organisations that provide a health service are covered by the Privacy Act (whether or not they are small businesses). Organisations providing a health service include:
- traditional health service providers such as private hospitals and day surgeries, doctors, pharmacists
- allied health professionals (such as psychologists)
- complementary therapists (such as naturopaths and chiropractors) and, in some cases, gyms, weight loss clinics etc.
The Privacy Act regulates how these organisations collect and handle personal information, including health information. It also includes provisions that generally allow a person to access information held about them. The Office of the Australian Information Commissioner (OAIC) also regulates the handling of health information held in an individual’s personally controlled electronic health record.
The OAIC has developed privacy fact sheets and privacy guides to help individuals and organisations providing a health service understand their rights and responsibilities. Further information about health and medical research is also available on the Privacy Topics — Health page.