Long before there was a specific Act of Parliament about privacy, there was a legal and ethical principle that records kept by health care professionals should be kept confidential.
There have always been exceptions to this principle, in particular when a party to a legal case in court asks through the court process for another person or organisation to produce medical records that are relevant to the court case (‘issues a subpoena’).
A failure to keep health records confidential may be a breach of confidentiality. It may also be a breach of specific privacy laws.
This section deals with:
If you think a health care practitioner or a health care provider has breached the confidentiality of your health records or of any discussions you have had with them as part of your treatment and care, you can complain to the Health Care Complaints Commission.
You may, particularly if you suffer financial loss as a result of breach of confidentiality, also be able to take legal action in court for breach of confidentiality. The law is developing in this area, and there have been calls for new laws to give individuals a right to take legal action for breach of privacy.
Breach of confidentiality of patient records is usually dealt with as part of the disciplinary process for health care professionals such as doctors, dentists and pharmacists.
To find out more about where to get advice about your options to complain about a breach of confidentiality in relation to your health care, click here.
In Australia, there are specific pieces of legislation (‘Acts’ made by parliaments) that protect the privacy of personal information.
Generally speaking, Australian privacy laws are about how your personal information may be handled. For example, the Privacy Act 1988 (Cth), which applies across Australia, covers:
These are set out in privacy principles.
Since 2001, the Privacy Act 1988 (Cth) has applied to the private sector as well as the public sector and in particular to health information, which includes medical and hospital records. The NSW Parliament has also passed a law that applies to health information in both the private and public health care sector in NSW: the Health Records and Information Privacy Act 2002 (NSW).
This Act applies to health information, which is considered ‘sensitive information’ and which requires extra protection under privacy law.
The Privacy Act 1988 (Cth) includes Australian Privacy Principles that apply to the Federal Government and some private sector agencies.
In NSW there is also a set of Health Privacy Principles that form part of privacy law. These principles are not rigid but if you think a person or an organisation has not followed them, then you can complain either to the Commonwealth Privacy Commissioner or to the Information and Privacy Commission NSW.
If you think a health care provider has breached privacy principles in relation to your personal health information, you can complain. To find out more about privacy complaints, click here.
Updated January 30, 2015