The Office of the Australian Information Commissioner (OAIC) has released for consultation a series of draft health privacy resources for health service providers and consumers (Resources).  The Resources will replace the OAIC’s existing health privacy guidance materials, which were released prior to the 2014 reforms to thePrivacy Act 1988 (Cth). 
The Resources will supplement the OAIC's Australian Privacy Principle guidelines, providing more detailed guidance on the APPs in the health and research context.

The Resources comprise of 11 business resources for health service providers and 2 fact sheets for consumers.  They cover a number of topics relevant to the handling of health information by health service providers as follows:

  1. key concepts, such as the meaning of 'health service provider' and 'health information';
  2. collection, such as consent requirements (and exemptions) and how health information should be collected;
  3. use and disclosure, such as examples of directly related secondary purposes for the use and disclosure of health information;
  4. access and correction, such as examples of excess access charges and when access can be refused;
  5. business closure or change of circumstances, such as consent and notice requirements when a health service provider is sold or merged with another; and
  6. when permitted health situations exist for the collection, use or disclosure of personal information, with particular guidance on the following permitted health situations: 
    a) management, funding or monitoring of a health service; 
    b) research; 
    c) serious threat to the life, health or safety of genetic relatives (in relation to genetic information); and 
    d) impaired capacity.

The OAIC acknowledges that health service providers' privacy obligations extend beyond the APPs and provides some limited guidance in the Resources as to the interaction between these obligations.  For example, the Resources point out when additional obligations may apply to the private sector under health privacy laws in NSW, Victoria and the ACT. Although much of the interaction is left to the health service provider to investigate further, this guidance is welcomed in an area involving a complex web of legislation.


The OAIC is seeking feedback on the Resources from health industry groups, health service providers, individuals with an interest or expertise in the health industry, health consumers, or any other interested parties.  In particular, the OAIC is seeking feedback on the following:

  • Is any of the content unnecessary? Is any additional content needed?
  • Are the guidance materials easy to read?
  • Is the layout presented clearly, and in a way that is likely to be useful to health service providers and health consumers?
  • Are there any other ways in which the material could be enhanced?

The closing date for comments is Tuesday 20 October 2015.

More information about the consultation and making submissions can be found on the OAIC's website,