The Commonwealth Privacy Act governs personal information, which includes health records and other health information, and covers all health practitioners in private practice. It does not, however, extend to public hospitals and other public organisations.

Health information is classified as ‘sensitive information’ under the Privacy Act and attracts additional protections because of its greater sensitivity. 

There are various privacy obligations for public hospitals and other public organisations throughout the Australian States and Territories.  In NSW, Victoria and the ACT, practitioners in private practice are governed by both the Privacy Act and state-based regimes.  

Australian Privacy Principles

The Privacy Act includes 13 Australian Privacy Principles (APPs), which set out requirements for handling, using, accessing and correcting health information. 

The APPs are grouped into five parts which correspond to the lifecycle of health information:

  • Part 1 – Consideration of personal information privacy (APPs 1 and 2), which includes the need to have a clear, detailed and up-to-date privacy policy.
  • Part 2 – Collection of personal information (APPs 3, 4 and 5), which includes consent and notification requirements.
  • Part 3 – Dealing with personal information (APPs 6, 7, 8 and 9), including permissible uses and disclosures.
  • Part 4 – Integrity of personal information (APPs 10 and 11), including obligations around accuracy and protection.
  • Part 5 – Access to, and correction of, personal information (APPs 12 and 13), which includes access by patients.

After February 2018, health practitioners and organisations were required to report to the Office of the Australian Information Commissioner (OAIC) incidents of unauthorised access, disclosure or loss of health information likely to result in serious harm to affected individuals. The commission had the power to impose fines and other penalties on those who failed to do so.

Tego Insurance can provide the guidance you need

Keeping your patients' files safe and protected is a major responsibility that every medical practitioner is required to maintain. With the advent of digital and mobile communication, medical professionals must be even more aware of the sensitivity of their patients' personal information. Compliance with the rules and regulations set under the Privacy Act is critical.

As a medical indemnity insurance provider in Australia, Tego Insurance will cover your practice with medical indemnity insurance, medical malpractice insurance, doctors' indemnity insurance, medical practice insurance, GP medical indemnity insurance, and more. If you are a medical practitioner with Tego, your medical indemnity insurance comes with 24/7 medico-legal advice and helps you stay compliant when protecting your patients' personal information.

This publication is general in nature; it is not comprehensive and does not constitute legal or medical advice. You should seek legal, medical or other professional advice before relying on any content, and practice proper clinical decision making with regard to individual circumstances. Persons implementing any recommendations contained in this publication must exercise their own independent skill or judgment or seek appropriate professional advice relevant to their own particular practice. Compliance with any recommendations will not in any way guarantee discharge of the duty of care owed to patients and others coming into contact with the health professional or practice. Tego Insurance Pty Ltd is not responsible to you or anyone else for any loss suffered in connection with the use of this information.