In December 2001, all Australians were given new privacy rights. These rights protect the way your health information is handled by private health service providers and many other private sector organisations.

My Privacy, My Choice

The Privacy Act 1988 now includes ten National Privacy Principles or NPPs. These principles set the minimum standard that health service providers must abide by when they collect, use, disclose and store your health information.

Your new privacy rights mean:

• you should be told about what happens to your health information
• you have more choice and control over your information
• you can ask to see what is in your health record and, if you think it is wrong, you can ask for it to be corrected
• you should be told why and when a health service provider may need to share your information, for example to ensure you get quality treatment and care.

Which health services are covered by the Privacy Act?

Any private sector organisation that assesses or records information about your health:

AND

Any organisation that maintains or improves your health or that dispenses prescription or medicinal preparations. This includes services in the private sector such as:

Doctors Pharmacists Gyms Naturopaths Dentists Masseurs Private hospitals Chiropractors Disability services Physios Osteopaths Counsellors Child care services Social Workers Nurses Psychologists

The Privacy Act does not cover your health information which is held by State or Territory public hospitals or clinics.

So, what is health information?

Any information or an opinion about your health or disability either past, present or future. As well as any other personal information collected while you are receiving a health service, and this includes:

• the symptoms you describe or the provider's observations of your health
• prescriptions
• billing details
• pathology reports, such as those relating to blood samples and X-rays
• dental records
• your Medicare number
• private hospital and day surgery admission and discharge records
• genetic information ? perhaps following a genetic or paternity test
• other sensitive information about things such as your race, sexuality or religion when it's collected by a health service.

Collection

When your health information is collected, generally, it must be collected directly from you.

Sometimes in relation to your health care, such as in an emergency, your health information may be collected from someone else, like a partner, a carer, a family member, guardian or person holding a health care-related Power of Attorney.

Consent

Usually, when a health service provider needs to collect, use or disclose your health information, they will need your consent.

To give consent you need to understand what will happen to your information, so you need clear advice from your provider about what they want to do. You must be able to make your own decisions about whether you agree.

If you are seeing a doctor or other health service provider you trust, you may want to give them broad consent for how they handle your information. Perhaps, if you are seeing a new provider, you may want to give a more limited consent to the use or disclosure of your health information, because you think it is sensitive or embarrassing.

Anna's mother has dementia. Anna goes to the chemist to fill a prescription for her mother. The pharmacist, who has been treating Anna?s mother for 20 years, knows that Anna is her carer and is able to give Anna the medication.

There are times when a person is not able to make their own decisions about how their information is handled. If a health service provider knows that a person is not able to make their own choices, the necessary information about them can be shared with a responsible person, such as a carer, family member or guardian to ensure quality treatment and care. In this case, if the pharmacist did not know Anna, they may need to check whether she can legitimately act on her mother's behalf.

Use and Disclosure

Your health information may be shared between health service providers involved in your treatment and care. Generally, this should only happen in ways you would reasonably expect. For example, if you agree to have a blood test or X-ray, your doctor will need to tell the pathologist or radiologist your relevant health details.

Your information may also be needed for other things, such as managing the accounts of the health service or for the health service provider seeking a refund from the Medicare or the Pharmaceutical Benefits Schemes. The provider should let you know, in general terms, how they will use your information, so you know what to expect.

Two years ago Henry underwent treatment and therapy for depression. He has recovered, but needs to see a physiotherapist for unrelated back and neck problems. While his doctor is writing a referral to the physiotherapist, Henry asks that information about his depression not be included in the referral.

In the health setting, sometimes all of your information needs to be passed on during a referral and sometimes it does not. You can talk about this with your provider. Here, Henry can discuss and negotiate with his doctor what he expects to go into the referral, so he gets proper treatment.

Costa has applied to join the local gym. The membership form lists a health food company, which the gym will give Costa?s details to so the company can contact him about their monthly specials. Costa does not want this to happen. The gym, however, will not take Costa's membership unless he signs the consent form, agreeing that his address can go to the health food company.

Costa should not be forced to agree in this way. Costa?s use of the gym is not related to whether he knows about monthly health food specials. Here, the gym should give Costa the choice to decide whether the health food company can have his details.

Access and Correction

You may want to know what is on your health record and to see if the information is accurate.

Generally speaking, you have a right to access the records a health service provider holds about you. You can ask for copies, but there may be some charges to cover the costs. Sometimes, you may only want to see what is on your record or have some of the information explained to you.

While Andrei is visiting his naturopath, he asks to see his health record and requests a copy. Later, Andrei notices that his record says he has Hepatitis C, and he is confused because he doesn?t have Hepatitis C, but he does have Hepatitis B. Andrei talks about this with his naturopath, who then checks whether there has been a mistake; there has, so the naturopath agrees to correct Andrei's file.

If you think there is information on your record that is not accurate, you can ask to have it corrected. This does not mean that just because you disagree with some of the information, it must be changed. But, if there is a genuine mistake or the information is out of date, you can ask for it to be corrected or updated. If you and your provider disagree about the accuracy of the information, you can ask for a statement of your views to be included in the record.

Kristen is 16 and sees her doctor to ask for the Pill. The doctor decides that Kristen is able to make her own decisions about her health, and agrees to give her a prescription. Later, Kristen?s father asks about her health. When the doctor says she needs Kristen?s permission to talk about her health, Kristen's father asks to see her file. The doctor explains that Kristen must agree first.

The Privacy Act does not set an age at which a child or young person can exercise their own privacy choices - this happens when they become able to understand and make their own decisions. In this case, if the doctor decides that Kristen can make her own decisions, then she can decide whether or not her medical file is shown to her father.

My Privacy, My Choice

This brochure focuses only on some of the National Privacy Principles that protect your health information. For a list of all the National Privacy Principles and more information about them, go to www.privacy.gov.au or contact our office.

What you can do if you think your privacy has been breached.

1. Try to resolve the problem directly with your health service provider. Write a letter to them or send an email, explain what has happened and what you would like to see done.
2. After 30 days, if you have had no reply, or the response you get from the provider is not satisfactory, you can complain to the Privacy Commissioner.

Sometimes, your complaint may need to be dealt with by your State or Territory's Health Complaints Commissioner, Health Services Commissioner or State Privacy Commissioner. For instance, when your complaint involves a public hospital.

 

Office of the Privacy Commissioner

Hotline: 1300 363 992 TTY: 1800 620 241 Level 8, 133 Castlereagh Street SYDNEY GPO Box 5218 NSW 2001 Web Site: www.privacy.gov.au Email: privacy@privacy.gov.au

 

Non-English Speakers If you need assistance with other languages call the Translating and Interpreting Service on 131 450 and ask for the Office of the Privacy Commissioner on 1300 363 992. This is a free service.