Accessing personal records


Under the Commonwealth’s Privacy Act 1988 and specific state-based legislation, every jurisdiction recognises a general right of patients to access their own health records. However, record-keepers may, in some instances, be required or authorised to refuse access. A patient may be refused access to information where such access would: endanger the life or wellbeing of a person; affect the privacy of other individuals; be prejudicial to legal proceedings between the patient and record-keeper; be prejudicial to an investigation of possible unlawful activity or prejudicial to a law enforcement function.

People notified by contact tracers are not entitled to access information about the contact's identity, behaviour or diagnosis without that person's consent, even if that information is in their own records. Should a patient wish to access their own record, details of the identity of any contacts contained in their record should be removed.

Commonwealth Legislation:

Privacy Act 1998 – Schedule 1, Part 5 APP 12

State Legislation:


Health Records (Privacy and Access) Act 1997 – Section 8, Sections 14 – 16A, 17


Health Record and Information Privacy Act 2002 – Part 4 Division 3

Government Information (Public Access) Act 2009 – Part 4 Division 4 – and Part 2 Division 2 public interest principles, Schedule 1


Information Act 2002 – Section 16, 24, Part 4


Information Privacy Act 2009 Chapter 3

Right to Information Act 2009 – Chapter 3, Schedule 3 and Schedule 4


Freedom of Information Act 1991 – Section 26 and Schedule 1


Freedom of Information Act 1991 – Section 7 and Part 3


Health Records Act 2001 – Section 26, Division 3, HPP 6

Freedom of Information Act 1982 – Section 23


Freedom of Information Act 1992 – Section 10 and Schedule 1


Page last updated October 2022