Information about your health is protected by federal and state privacy laws, which contain privacy principles that regulate the way your health information can be collected, used, stored and disclosed. The privacy principles also give you certain rights in relation to your health information, including the right to be informed about its use, storage and disclosure; the right to access it; and, in some cases, the right to anonymity.
Privacy principles applicable in Victoria
The privacy principles that protect health information in Victoria are:
- Information Privacy Principles (IPPs), which apply to all federal and ACT public sector agencies and services, including Medicare Australia (previously Health Insurance Commission) and the Defence Health Service.
- National Privacy Principles (NPPs), which apply throughout Australia to most private sector health providers, including private medical clinics, private hospitals and private pathology services.
- Health Privacy Principles (HPPs), which apply to all Victorian public and private sector organisations that handle health information, including public and private hospitals, community health centres, private medical clinics and the blood bank.
The first two sets of privacy principles are part of the federal Privacy Act 1988 (Cth), while the third set is part of the Victorian Health Records Act 2001 (Vic).
There is overlap between federal and state privacy principles. For example, if you live in Victoria, you have rights under the National Privacy Principles (federal) and the Health Privacy Principles (Victorian) in relation to health information held by private sector health providers. In situations where your health information is protected by both federal and Victorian privacy principles, the federal principles take precedence.
In addition, there is overlap of the privacy principles with confidentiality protection under common law. For example, if a health service provider improperly discloses your health information to another person, you may be able to seek compensation for the breach of confidentiality under common law in addition to your rights under the privacy principles.
Because of the complexity and overlap of the privacy laws, you should seek advice from the Health Services Commissioner if you need specific information about any of the laws or want to lodge a complaint about a breach of privacy.
Next Section: What is health information?