Health Guidelines


Guidelines on Privacy in the Private Health Sector (November 2001)

New privacy legislation for the private sector

In Australia, for the first time, there is now a comprehensive privacy law covering the private sector. Under an amendment to the Privacy Act 1988 (the 'Privacy Act'), private sector organisations now have an obligation to protect the privacy of individuals' personal information.

This amendment applies to all health service providers in the private sector, regardless of size, from 21 December 2001.

Other Guidelines can be found at Business - Privacy Guidelines issued by the Office of the Privacy Commissioner



Medical research - Section 95 of the Privacy Act 1988

Section 95 of the Privacy Act 1988 provides that the National Health and Medical Research Council (NHMRC) may, with the approval of the Privacy Commissioner, issue guidelines for the protection of privacy in the conduct of medical research.

The guidelines allow Commonwealth agencies to disclose information for the purposes of medical research, as long as the medical research is conducted in accordance with the guidelines. The guidelines prescribe procedures that Human Research Ethics Committees and researchers must adhere to in order for the disclosures of personal information from Commonwealth agencies to be lawful.

The current Section 95 Guidelines for the protection of privacy in the conduct of medical research were issued in March 2000. The guidelines should be read in conjunction with the National Statement on Ethical Conduct in Research Involving Humans.

NHMRC's Australian Health Ethics Committee (AHEC) completed a review of the s. 95 Guidelines in April 2003, in conjunction with the Office of the Privacy Commissioner. Please refer to the Joint Summary of the Review, by the Privacy Commissioner and the Chair of AHEC. As part of the review, the Office surveyed Commonwealth agencies in regard to their experience with the Guidelines.



Medical Research - Section 95A of the Privacy Act 1988

As part of the preparation for implementing the new private sector amendments, the Privacy Commissioner has approved Guidelines under Section 95A of the Privacy Act 1988 which were issued by the National Health and Medical Research Council (NHMRC).

The NHMRC conducted a wide-ranging public consultation process to engage interested stakeholders in the development of the Guidelines.

The Guidelines approved under Section 95A of the Privacy Act 1988 provide a framework for human research ethics committees to assess proposals to access health information (without the consent of the subject) for research, the compilation or analysis of statistics, or health service management, and to weigh the public interest in those activities against the public interest in the protection of privacy.

The publication of the Guidelines will help members of ethics committees and researchers to better understand and fulfil their obligations (under the amended Privacy Act) that came into force on 21 December 2001.



Privacy Guidelines for the Medicare Benefits and Pharmaceutical Benefits Programs

The Privacy Guidelines for the Medicare Benefits and Pharmaceutical Benefits Programs are legally binding guidelines for the management of personal information collected from claims on the Medicare Benefits and Pharmaceutical Benefits Programs.

They chiefly apply to Medicare Australia and the Department of Health and Ageing but bind all Australian Government agencies in relation to their handling of this data.

In brief, the Guidelines:

  • require the separate storage of Medicare Benefits and Pharmaceutical Benefits Programs claims information;
  • specify the circumstances in which data from the two programs may be linked;
  • require the de-identification of claims information over five years old; and
  • specify the circumstances when old information may be re-identified.

Section 135AA of the National Health Act 1953 requires the Privacy Commissioner to issue the Guidelines. That section specifies the data to which the Guidelines apply and the areas that the Guidelines must cover. Section 27(1)(pa) of the Privacy Act 1988 says that it is a function of the Privacy Commissioner to issue the Guidelines.

A breach of the Guidelines is an 'interference with privacy' under section 13 of the Privacy Act and a person may complain to the Privacy Commissioner if he or she considers a breach may have occurred.

The Guidelines were first issued on 24 November 1993 and came into effect on 15 April 1994. They have been amended since then on several occasions.

A revised set of Guidelines was issued by the Privacy Commissioner on 6 March 2008 and will replace the existing guidelines from 1 July 2008. This revised set reflects the findings in the Report of the review of the Guidelines undertaken between 2004 and 2006.
