All organisations that provide a health service are covered by the Privacy Act (whether or not they are small businesses). Organisations providing a health service include:

• traditional health service providers such as private hospitals and day surgeries, doctors and specialists
• pharmacists
• allied health professionals such as psychologists
• complementary therapists like naturopaths and chiropractors and
• in some cases other services like gyms, fitness services and weight loss clinics, child care and schools (if they provide a health service and hold health information).

State or Northern Territory public hospitals and health services are not covered by the Privacy Act, but may be covered by relevant state or territory legislation. Visit State and territory privacy laws for more information. Public health service providers in the ACT are covered by the Information Privacy Principles in the Privacy Act. See Government for more information. However, the Office may be able to investigate complaints about the handling of healthcare identifiers by state and territory authorities.

People commonly regard health information as one of the most sensitive types of personal information.  For this reason, the Privacy Act provides extra protections around the handling of health information.  For example, you need to get consent before your health service can collect a person's health information.

We have plenty of guidance material to help health service providers comply with the NPPs in the Privacy Act:

• For general information on how the NPPs apply to health service providers, take a look at our Guidelines on Privacy in the Private Health Sector.
• For information on privacy guidelines for medical research see Health and medical research.
• For information on privacy guidelines for genetic information see Health and genetic information.
• Do you want information targeted to your profession? See our information on privacy issues for doctors and pharmacists.
• Is there a particular area of the NPPs that you want more detail on? See if our health information sheets deal with your issue.
• See how the Privacy Act is applied in practice. Read our complaint case notes.
• For information about healthcare identifiers see Healthcare Identifiers.
• Still got questions? Chances are someone's asked them before. Take a look at our frequently asked questions for health service providers.

Other places to go...

(Disclaimer: Please note that the following websites were not created and are not endorsed by the OAIC. The descriptions below were supplied by the organisations listed.)

• Royal Australian College of General Practitioners - Handbook for the Management of Health Information in Private Medical Practice (2nd Edition)
  The College has produced a number of resources relating to privacy and the management of health information, including the Handbook for the Management of Health Information in Private Medical Practice. The Handbook was produced in conjunction with the Committee of Presidents of Medical Colleges and is applicable to all privately practicing medical practitioners.

• Mental Health Privacy Coalition - Privacy Kit for Private Sector Mental Health Service Providers (2004)
  The kit gives practical assistance to providers in meeting their privacy obligations. Providers are encouraged to consider the suggestions in this kit in combination with other privacy sources, such as the OAIC's Guidelines on Privacy in the Private Health Sector.