Site Changes

On 1 November 2010 the Office of the Privacy Commissioner was integrated into the Office of the Australian Information Commissioner and a new website established at www.oaic.gov.au.

Note 1: Major changes to the Privacy Act 1988 will come into effect in March 2014. Agencies, businesses and not for profits need to start preparing for these changes. For more information go to our privacy law reform page at www.oaic.gov.au
Note 2: From 12 March 2013 content is no longer being added to, or amended, on this site, consequently some information may be out of date. For new privacy content visit the www.oaic.gov.au website.

What should a health service provider tell an individual when it collects health information from an individual?

At the time it collects the information, or as soon as practicable afterwards, a health service provider should take reasonable steps to make the individual aware of a number of things including:

the purposes for which the information was collected;
what organisations the information could be given to;
the fact that the individual can access the information held by the provider.

What is 'practicable' and what is 'reasonable' will depend on the circumstances. For example, these may relate to the costs involved, the circumstances of collection such as whether the information is collected in an emergency. The advice to be given to individuals is fully set out in National Privacy Principle (NPP) 1.3,

NPP 5.1 requires a health service provider to prepare a clearly expressed statement (a Privacy Policy) about how it manages the health information it collects from individuals. This statement should be made available to anyone who asks for it. For NPP 5.1.

In some circumstances it may be appropriate for a provider to give advice (to comply with NPP1.3 and NPP 5.1) at the same time, for example on its website or in a pamphlet. For more information, see the Guidelines on Privacy in the Private Health Sector.