Security/storage of health information

In Australia, all private health service providers and Commonwealth government entities are subject to the Privacy Act 1988. Under Australian Privacy Principle 11.1, these entities are required to take “such steps as are reasonable in the circumstances to protect the information from misuse, interference, loss and from unauthorized access, modification or disclosure.” State and territory government health service providers are subject to the applicable privacy legislation of each state or territory.

Health services should have in place:

Electronic records pose particular challenges. Electronic record systems increase the risk of access by unauthorised staff, of 'browsing', and of data leakage. Medical practices must address the security of data storage and transfer systems, including the risks posed by staff who may intentionally or inadvertently access electronic records for reasons unrelated to the provision of health care.

Legislation

National

Privacy Act 1988 – APP11

State-based

NSW

Health Records and information – HPP 5

VIC

Health Records Act 2001 – HPP 4

QLD

Information Privacy Act – IPP 4 (Public Sector Only)

SA

Cabinet Administrative Instruction (IPPS) – Part II (4)

WA

No comprehensive legislation to deal with storage of personal information by agencies

TAS

Personal Information Protection Act 2004 – PIPP 4 (Public Sector Only)

ACT

Health Records (Privacy and Access) Act 1997 – Principle 4.1

NT

Information Act 2002 – Principle 4 (Public Sector Only)

 

Page last updated April 2021
