• Home
  • Privacy & Laws
  • Accessing Personal Records

Accessing personal records

Under the Commonwealth’s Privacy Act 1988 and specific state-based legislation, every jurisdiction recognises a general right of patients to access their own health records. However, record-keepers may, in some instances, be required or authorised to refuse access. A patient may be refused access to information where such access would: endanger the life or wellbeing of a person; affect the privacy of other individuals; be prejudicial to legal proceedings between the patient and record-keeper; be prejudicial to an investigation of possible unlawful activity or prejudicial to a law enforcement function.

People notified by contact tracers are not entitled to access information about the contact's identity, behaviour or diagnosis without that person's consent, even if that information is in their own records. Should a patient wish to access their own record, details of the identity of any contacts contained in their record should be removed.


Commonwealth Legislation:

Privacy Act 1998 – Schedule 1, Part 5 APP 12

State Legislation:


Health Record and Information Privacy Act 2002 – Part 4 Division 3

Government Information (Public Access) Act 2009 – Part 4 Division 4 – and Part 2 Division 2 public interest principles, Schedule 1


Health Records Act 2001 – Section 26, Division 3, HPP 6

Freedom of Information Act 1982 – Section 23


Information Privacy Act 2009 Section50, 64 Right to Information Act 2009 – Section 47, 49, 51, Schedule 3 and Schedule 4

WA Freedom of Information Act 1992 – Section 10 and Schedule 1


Freedom of Information Act 1991 – Section 26 and Schedule 1 TAS Freedom of Information Act 1991 – Section 7 and Part 3


Information Act 2002 – Section 16, 24, Part 4


Health Records (Privacy and Access) Act 1997 – Section 8, Sections 14 – 16A, 17


Page last updated April 2021