Overview

Health Home

Main A to Z Index | Site Map | About Health | Links

Home <

Health Records Act Overview

Overview
Who must comply with the Health Records Act ?
Inquiries about the Act
How to view the Act

The Health Records Act 2001 (the Act) created a framework to protect the privacy of individuals' health information. It regulates the collection and handling of health information. The Act:

gives individuals a legally enforceable right of access to health information about them that is contained in records held in Victoria by the private sector; and
establishes Health Privacy Principles (HPPs) that will apply to health information collected and handled in Victoria by the Victorian public sector and the private sector.

The access regime and the HPPs are designed to protect privacy and promote patient autonomy, whilst also ensuring safe and effective service delivery, and the continued improvement of health services. The HPPs generally apply to:

all personal information collected in providing a health, mental health, disability, aged care or palliative care service; and
all health information held by other organisations.

Complaints about interferences with privacy (breaches of Part 5 of the Act or an HPP) are handled by the Health Services Commissioner.

^ Top

Who must comply with the Health Records Act?

The Act applies to the health, disability and aged care information handled by a wide range of public and private sector organisations. This includes health service providers, and also other organisations that handle such information. For example:

bodies such as companies, incorporated associations, unincorporated associations, Local Government, Victorian Government agencies and Departments, public hospitals and other public bodies (such as Victoria Police); and
sole practitioners, partnerships, Members of Parliament, and trustees.

The Health Privacy Principles (HPPs) in the Act apply to health information that is handled in Victoria. The Act will apply in two main ways.

1. Does the organisation provide a health, disability or aged care service?

When an organisation provides a health, disability or aged care service, the HPPs apply to all identifying personal information originally collected by the organisation in the course of providing that service. All such information is "health information". Such a provider is referred to in the Act as a "health service provider".

This will include personal information collected to provide services by:

medical practitioners (general practitioners and specialists);
dentists;
mental health providers;
allied health service providers;
complementary health service providers;
nursing services;
private and public hospitals;
community health centres;
pharmacists dispensing drugs;
day procedure centres;
pathology services;
supported residential services;
aged care providers (including nursing homes and hostels, and other service providers);
palliative care providers;
disability service providers; and
other organisations (such as public and private schools, the Victorian Department of Health and other Government agencies or public bodies), but only in those situations where the personal information is collected to provide a health, disability or aged care service.

2. Personal information collected in other situations

The HPPs will apply to the collection, use and handling of identifying personal information that is defined as "health information" under the Act. This will include:

information or opinion about the physical or mental health, or disability, of an individual;

an individual's expressed preferences about the future provision of health, disability or aged care services to him or her;

the nature of health, disability or aged care services that have been, or are to be, provided to an individual;

information originally collected in the course of providing a health, disability or aged care service to an individual;

personal information collected in connection with the donation of human tissue;

genetic information that is or could be predictive of the health of an individual or their descendants.

Any organisation that handles this kind of identifying health information is subject to the HPPs, unless an exemption under the Act applies. The exemptions under the Act are very limited.

The Act applies regardless of the size of the business or organisation. There is no "small business" exemption.

Organisations that are subject to the Act, when they handle health information, include:

Victorian Government Departments and public bodies established under Victorian law;

universities;

researchers;

blood and tissue banks;

public and private sector employers (eg. in relation to their employees' personnel records);

kindergartens and crèches;

counsellors;

insurers and superannuation organisations;

gymnasiums;

any other organisation that holds health information or health reports concerning its clients or customers

^ Top

Inquiries about the Act

Further information is also available from the Office of the Health Services Commissioner at http://www.health.vic.gov.au/hsc/

The Commissioner's office can be contacted on (03) 8601 5200 or toll free on 1800 136 066.

How to view the Act

The Health Records Act is available on the Victorian Legislation and Parliamentary Documents website at http://www.legislation.vic.gov.au

^ Top

Last updated: 25 October, 2011
This web site is managed and authorised by the Private Hospitals and Non Emergency Patient Transport Unit of the Rural and Regional Health and Aged Care Services Division of the Victorian State Government, Department of Health, Australia

For general enquiries to the Department of Health telephone 61 3 90960000