| Home <
Health Records Act Overview
Who must comply with the Health Records Act ?
Inquiries about the Act
How to view the Act
The Health Records Act 2001 (the Act) created a framework to protect
the privacy of individuals' health information. It regulates the collection
and handling of health information. The Act:
- gives individuals a legally enforceable right of access to health
information about them that is contained in records held in Victoria
by the private sector; and
- establishes Health Privacy Principles (HPPs) that will apply to
health information collected and handled in Victoria by the Victorian
public sector and the private sector.
The access regime and the HPPs are designed to protect privacy and
promote patient autonomy, whilst also ensuring safe and effective service
delivery, and the continued improvement of health services. The HPPs generally apply to:
- all personal information collected in providing a health, mental
health, disability, aged care or palliative care service; and
- all health information held by other organisations.
Complaints about interferences with privacy (breaches of Part 5 of the Act or an HPP) are handled by the Health Services Commissioner.
Who must comply with the Health Records Act?
The Act applies to the health, disability and aged care information
handled by a wide range of public and private sector organisations.
This includes health service providers, and also other organisations
that handle such information. For example:
- bodies such as companies, incorporated associations, unincorporated
associations, Local Government, Victorian Government agencies and
Departments, public hospitals and other public bodies (such as Victoria
- sole practitioners, partnerships, Members of Parliament, and trustees.
The Health Privacy Principles (HPPs) in the Act apply to health information
that is handled in Victoria. The Act will apply in two main ways.
1. Does the organisation provide a health, disability or aged
When an organisation provides a health, disability or aged care
service, the HPPs apply to all identifying personal information originally
collected by the organisation in the course of providing that service.
All such information is "health information". Such a provider
is referred to in the Act as a "health service provider".
This will include personal information collected to provide services
- medical practitioners (general practitioners and specialists);
- mental health providers;
- allied health service providers;
- complementary health service providers;
- nursing services;
- private and public hospitals;
- community health centres;
- pharmacists dispensing drugs;
- day procedure centres;
- pathology services;
- supported residential services;
- aged care providers (including nursing homes and hostels, and
other service providers);
- palliative care providers;
- disability service providers; and
- other organisations (such as public and private schools, the
Victorian Department of Health and other Government agencies
or public bodies), but only in those situations where the personal
information is collected to provide a health, disability or aged
2. Personal information collected in other situations
The HPPs will apply to the collection, use and handling of identifying
personal information that is defined as "health information" under
the Act. This will include:
- information or opinion about the physical or mental health,
or disability, of an individual;
- an individual's expressed preferences about the future provision
of health, disability or aged care services to him or her;
- the nature of health, disability or aged care services that
have been, or are to be, provided to an individual;
- information originally collected in the course of providing
a health, disability or aged care service to an individual;
- personal information collected in connection with the donation
of human tissue;
- genetic information that is or could be predictive of the
health of an individual or their descendants.
Any organisation that handles this kind of identifying health
information is subject to the HPPs, unless an exemption under the
Act applies. The exemptions under the Act are very limited.
The Act applies regardless of the size of the business or organisation.
There is no "small business" exemption.
Organisations that are subject to the Act, when they handle health
- Victorian Government Departments and public bodies established
under Victorian law;
- blood and tissue banks;
- public and private sector employers (eg. in relation to their
employees' personnel records);
- kindergartens and crèches;
- insurers and superannuation organisations;
- any other organisation that holds health information or health
reports concerning its clients or customers
Inquiries about the Act
Further information is also available from the Office of the Health
Services Commissioner at http://www.health.vic.gov.au/hsc/
The Commissioner's office can be contacted on (03) 8601 5200 or toll
free on 1800 136 066.
How to view the Act
The Health Records Act is available on the Victorian Legislation
and Parliamentary Documents website at http://www.legislation.vic.gov.au