Australian Capital Territory Consolidated Acts Australian Capital Territory Consolidated ActsSchedule 1 The privacy principles
(see s 5)
Principle 1: Manner and purpose of collection of personal health information
1 A collector shall not collect personal health information for inclusion in a health record or in a generally available publication unless—
(a) the information is collected for a lawful purpose that is directly related to a function or activity of the collector; and
(b) the collection of the information is necessary for or directly related to that purpose.
2 A collector shall not collect personal health information by unlawful or unfair means.
3 Where personal health information or health records are required to be collected by someone as part of his or her employment for the management, funding or quality of a health service received by the consumer, then that person is allowed access to the information only for those purposes, unless these principles otherwise provide.
Principle 2: Purpose of collection of personal health information to be made known
1 Subject to clause 2 of this principle, where—
(a) a collector collects personal health information for inclusion in a health record or in a generally available publication; and
(b) the information is solicited by the collector from the consumer concerned;
the collector shall take such steps (if any) as are reasonable in the circumstances to ensure that, before the information is collected or, if that is not practicable, as soon as practicable after the information is collected, the consumer is generally aware of—
(c) the purpose for which the information is being collected; and
(d) if the collection of the information is required or authorised by law—the fact that the collection of the information is so required or authorised; and
(e) unless it is obvious from the circumstances of any health service provided—the identity of all members of the treating team who will have access to the consumer's personal health information; and
(f) the identity of any person to whom, or agency to which, the collector would, in accordance with the collector's usual practice, disclose the information for inclusion in a health record or in a generally available publication; and
(g) if it is, to the knowledge of the collector, the usual practice of any such person or agency to pass on such information to other persons or agencies—the identity of each of those other persons or agencies.
2 The collector is not required to notify the consumer of the identity of individuals, or classes of individuals, who are employed by the collector and who are required for the management, funding or quality of the health service received by the consumer to handle health records or personal health information as part of their employment.
Principle 3: Solicitation of personal health information generally
Where—
(a) a collector collects personal health information about a consumer for inclusion in a record or in a generally available publication; and
(b) the information is solicited by the collector;
the collector shall take such steps (if any) as are reasonable in the circumstances to ensure that, having regard to the purpose for which the information is collected—
(c) the information is relevant, up to date and accurate; and
(d) the collection of the information does not intrude to an unreasonable extent upon the personal affairs of the consumer.
Principle 4.1: Storage, security and destruction of personal health information—safekeeping requirement
1 A record keeper who has possession or control of a health record must ensure that—
(a) the record is protected, by reasonable security safeguards, against each of the following:
(i) loss;
(ii) unauthorised access, use, modification or disclosure;
(iii) other misuse; and
(b) if the record is given to another entity—everything reasonably within the power of the record keeper is done to prevent unauthorised use or disclosure of any information contained in the record.
2 A record keeper must keep, and must not destroy, a health record about a consumer, even if it is later found or claimed to be inaccurate.
3 However, clause 2 does not apply to the destruction of a health record about a consumer if—
(a) the destruction is required or allowed under a law of the Territory; or
Note Law of the Territory —see dict.
(b) the destruction is not prohibited under any other law and happens after—
(i) if the consumer is under 18 years old when the information is collected—the day the consumer turns 25 years old; or
(ii) if the consumer is an adult when the information is collected—7 years after the day a service was last provided to the consumer by the record keeper.
Example of law of the Territory that might deal with record keeping for health professionals
a standard of practice under the Health Professionals Act 2004
Note An example is part of the Act, is not exhaustive and may extend, but does not limit, the meaning of the provision in which it appears (see Legislation Act, s 126 and s 132).
Principle 4.2: Storage, security and destruction of personal health information—register of destroyed or transferred records
1 A record keeper must keep a register of records that have been destroyed or transferred to another entity.
Note Entity includes a person (see Legislation Act, dict, pt 1).
2 The register must identify the following for records that have been destroyed or transferred:
(a) the consumer to whom the record relates;
(b) the period of time the record covers;
(c) for a destroyed record—the date the record was destroyed;
(d) for a transferred record—the entity to which the record has been transferred.
3 A record keeper need not keep a record on the register under clause 1 for longer than 7 years after the day the record is made.
Principle 4.3: Storage, security and destruction of personal health information—destruction of health information
1 Health information may be kept by a health service provider if it is needed for the purpose for which it was collected, or another purpose allowed under a law of the Territory, even if its destruction is allowed under principle 4.1.
2 An entity other than a health service provider must take reasonable steps to destroy, or permanently deidentify, health information if it is no longer needed for the purpose for which it was collected or for any other purpose allowed under a law of the Territory.
Principle 5: Information relating to records kept by record keeper
1 A record keeper who has possession or control of health records shall, subject to clause 2 of this principle, take such steps as are reasonable in the circumstances to enable any consumer to ascertain—
(a) whether the record keeper has possession or control of any health records, or personal health information, relating to the consumer; and
(b) if so—
(i) the nature of the records or information; and
(ii) the main purposes for which the records are, or the information is, used; and
(iii) the steps that the person should take if the person wishes to obtain access to the records or the information.
2 A record keeper is not required to give a person information if, under a law of the Territory (including this Act) or a law of the Commonwealth, the record keeper is required or authorised to refuse to give that information to the person.
Principle 6: Access to health records by people other than the consumer
1 A health service provider who is a member of a treating team for a consumer may have access to the personal health information about the consumer so far as necessary for the provision by the provider of a health service to the consumer.
2 If a person reasonably requires access to personal health information about a consumer for the purpose of the management, funding or quality of a health service received, or being received, by the consumer, the person may have access to the extent necessary for that purpose without the consumer's consent.
3 A treating health service provider for a consumer may disclose personal health information about the consumer to an immediate family member if—
(a) the disclosure is made for compassionate reasons; and
(b) the provider believes, on reasonable grounds, that the disclosure would be expected by the consumer; and
(c) the disclosure is not contrary to any wishes previously expressed by the consumer that the provider is, or ought reasonably to be, aware of.
Note Section 17 deals with information subject to confidentiality.
4 An entity must not require a consumer, directly or indirectly, to obtain or grant access to a health record about the consumer unless the entity is required or allowed to make the requirement under—
(a) a law of the Territory; or
(b) a law of the Commonwealth; or
(c) an order of a court.
Principle 7: Alteration of health records
1 A person shall not delete information from a health record, even where it is later found or claimed to be inaccurate, unless the deletion is part of a program of archival destruction.
2 A record keeper who has possession or control of a health record shall take such steps, by way of making appropriate corrections and additions as are reasonable in the circumstances, to ensure that the record is—
(a) up to date and accurate; and
(b) relevant to the purpose for which the information was collected or is to be used and to any other purpose that is directly related to that purpose.
3 Where—
(a) the record keeper of a health record is not willing to amend that record, by making a correction or an addition, in accordance with a request by the consumer concerned; and
(b) no decision or recommendation to the effect that the record should be amended wholly or partly in accordance with that request is pending, or has been made, under a law of the Territory (including this Act) or a law of the Commonwealth;
the record keeper shall, if the consumer gives to the record keeper a written statement concerning the requested correction or addition, take such steps as are reasonable in the circumstances to include the statement in the record.
4 Where the record keeper accepts the need to amend the health record but—
(a) the record keeper considers it likely that leaving incorrect information on a health record, even if corrected, could cause harm to the consumer or result in incorrect health care treatment or assistance being provided; or
(b) the form in which the record is held makes correction impossible; or
(c) the corrections required are sufficiently complex or numerous for a real possibility of confusion or error to arise in relation to interpreting or reading the record if it were to be so amended;
the record keeper shall place the incorrect information on a record which is not generally available to the consumer's treating practitioner or treating team, and to which access is restricted, and take such steps as are reasonable in the circumstances to ensure that only the corrected copy is generally available to the practitioner or treating team.
Principle 8: Record keeper to check accuracy etc of personal health information before use etc
1 A record keeper who has possession or control of a health record shall not use personal health information in that record without taking such steps (if any) as are reasonable in the circumstances to ensure that, having regard to the purpose for which the information is proposed to be used, the information is up to date and accurate.
2 Where a person gives information in confidence to a health service provider about a consumer, the provider shall—
(a) encourage the person to waive the requirement of confidentiality; and
(b) if the information remains confidential—
(i) record the information only if it is likely to assist in the treatment or care of the consumer; and
(ii) take such steps (if any) as are reasonable in the circumstances to ensure that the information is accurate and not misleading.
Principle 9: Limits on use of personal health information
1 Except where personal health information is being shared between members of a treating team to the extent necessary to improve or maintain the consumer's health or to manage a disability of the consumer, a record keeper who has possession or control of a health record that was obtained for a particular purpose shall not use the information for any other purpose unless—
(a) the consumer has consented to use of the information for that other purpose; or
(b) the record keeper believes on reasonable grounds that use of the information for that other purpose is necessary to prevent or lessen a significant risk to the life or physical, mental or emotional health of the consumer or another person; or
(c) use of the information for that other purpose is required or authorised by—
(i) a law of the Territory; or
(ii) a law of the Commonwealth; or
(iii) an order of a court of competent jurisdiction;
(d) the purpose for which the information is used is directly related to the purpose for which the information was obtained; or
(e) the use of the information is related to the management, funding or quality of the health service received by the consumer.
2 In relation to the sharing of information among a treating team, unless it is obvious from the circumstances or context of the health service, the person in charge of the treating team shall inform the consumer of the identity of all members of the treating team who will have access to the consumer's personal health information.
3 The treating team leader is not required to notify the consumer of the identity of individuals, or of classes of individuals, who are required for the management, funding or quality of the health service received by the consumer to handle health records or personal health information.
Principle 10: Limits on disclosure of personal health information
1 A record keeper who has possession or control of a health record must not disclose personal health information about a consumer from the record to an entity other than the consumer.
2 Clause 1 does not apply to the disclosure of personal health information about a consumer to an entity if—
(a) the information is being shared between members of a treating team for the consumer only to the extent necessary to improve or maintain the consumer's health or manage a disability of the consumer; or
(b) the consumer is reasonably likely to have been aware, or to have been made aware under principle 2, that information of the kind disclosed is usually disclosed to the entity; or
(c) the consumer has consented to the disclosure; or
(d) the record keeper believes, on reasonable grounds, that the disclosure is necessary to prevent or lessen a serious and imminent risk to the life or physical, mental or emotional health of the consumer or someone else; or
(e) the disclosure is required or allowed under—
(i) a law of the Territory (including this Act); or
Note Disclosure is allowed under cl 8, cl 9 and cl 10.
(ii) a law of the Commonwealth; or
(iii) an order of a court; or
(f) the disclosure of the information is necessary for the management, funding or quality of the health service received, or being received, by the consumer.
3 Clause 1 also does not apply to the disclosure of personal health information about a consumer to an entity if—
(a) the disclosure is necessary for the purpose of research or the compilation or analysis of statistics, in the public interest; and
(b) it is impracticable to seek the consumer's consent before disclosure; and
(c) the purpose mentioned in paragraph (a) cannot be achieved by the disclosure of information that does not identify the consumer and from which the consumer's identity cannot reasonably be worked out; and
(d) the entity is required for any disclosed information ( identifiable information ) that identifies the consumer, or from which the consumer's identity can be reasonably worked out—
(i) to provide protection that is at least equal to that of this Act and that prevents any further disclosure of it; and
(ii) to take reasonable steps to deidentify the information and destroy identifiable information at the earliest possible opportunity; and
(iii) to ensure that identifiable information is not made publicly available.
(e) the disclosure is in accordance with guidelines prescribed by regulation for this clause; and
(f) the record keeper believes, on reasonable grounds, that the recipient of the health information will not disclose the personal health information.
4 Clause 1 also does not apply to the disclosure of personal health information about a consumer to a person responsible for the consumer's care (the "carer") if—
(a) the consumer cannot give or withhold consent to the disclosure, whether or not because the consumer is a young person or legally incompetent person; and
(b) in the record keeper's opinion, the disclosure is necessary to enable the carer to safely and effectively provide appropriate services to, or care for, the consumer.
5 In relation to the sharing of information among the treating team under clause 2 (a), unless it is obvious from the circumstances and context of the health service, the person in charge of the treating team must tell the consumer about the identity of each member of the treating team who will have access to the personal health information about the consumer.
6 However, the treating team leader need not tell the consumer about the identity of individuals who are required to handle health records, or personal health information about the consumer, for the management, funding or quality of the health service received, or being received, by the consumer.
7 A consent given by a consumer for clause 2 (c) must—
(a) be in writing and signed—
(i) if the consumer is a young person or legally incompetent person—by a guardian of the consumer; or
(ii) in any other case—by the consumer; and
(b) name the health service provider who made the record.
Note If a form is approved under s 35 for this provision, the form must be used.
8 An entity to which information is disclosed under clause 2, clause 3 or clause 4 must not use or disclose the information for a purpose other than the purpose for which the information was given to the entity.
9 If there is an emergency and a consumer cannot give or withhold consent to the disclosure of personal health information about the consumer, the treating health service provider may discuss relevant personal health information with an immediate family member of the consumer to the extent reasonable and necessary for the proper treatment of the consumer.
10 A treating health service provider for a consumer may disclose personal health information about the consumer to a person responsible for the consumer's care (the "carer") if—
(a) the consumer cannot give or withhold consent to the disclosure, whether or not because the consumer is a young person or legally incompetent person; and
(b) in the record keeper's opinion, the disclosure is necessary to enable the carer to safely and effectively provide appropriate services to, or care for, the consumer.
11 A treating health service provider for a consumer may disclose personal health information about the consumer to an immediate family member if—
(a) the consumer cannot give or withhold consent to the disclosure, whether or not because the consumer is a young person or legally incompetent person; and
(b) the disclosure is made for compassionate reasons; and
(c) the provider believes, on reasonable grounds, that the disclosure would be, or would have been, expected by the consumer; and
(d) the disclosure is not contrary to any wishes previously expressed by the consumer of which the provider is aware or ought reasonably to be aware.
Example for par (a)
Jo has died, and Jo's daughter who has looked after him for many years cannot understand why he died when he seemed to have recovered from a recent illness. She is extremely distressed. Subject to clause 11 (c) and (d), the treating health service provider may disclose personal health information about Jo's illness if she considers that the disclosure would help Jo's daughter.
Note An example is part of the Act, is not exhaustive and may extend, but does not limit, the meaning of the provision in which it appears (see Legislation Act, s 126 and s 132).
Principle 11: Transfer or closure of practice of health service provider
1 This principle applies if the practice of a health service provider (the "provider") is, or is proposed to be—
(a) sold or otherwise transferred; or
(b) closed down.
2 The provider or, if the provider is deceased, the legal representatives of the provider, shall—
(a) publish a notice in a newspaper circulating in the locality of the practice stating that—
(i) the practice has been, or is about to be, transferred or closed down (as the case may be); and
(ii) the health records of the practice, other than those returned to a consumer or passed on to a nominated practitioner at the consumer's request, will be transferred to a specified person (being a person to whom clause 3 (a) or (b) of this principle applies) at a specified address; and
(b) take such other steps as are practicable to inform every such consumer—
(i) that the practice has been, or is about to be, transferred or closed down (as the case may be); and
(ii) about the arrangements (as stated in the notice under paragraph (a)) for dealing with those health records.
3 Not earlier than 21 days after giving notice in accordance with clause 2 of this principle, the person or persons giving the notice shall transfer each health record held by, or on behalf of, the practice—
(a) to the health service provider (if any) who takes over the practice;
(b) to a competent record keeper for safe storage in the Territory (until such time (if any) as the record is destroyed as part of a program of archival destruction); or
(c) to the consumer to whom the record relates or to a practitioner nominated by that consumer.
4 Subject to the restriction stated in clause 3 of this principle, a person shall comply with the requirements of this principle as soon as practicable.
5 Despite any other provision of these principles, a person who transfers a health record in accordance with this principle does not, by so doing, contravene these principles.
Principle 12: Transfer of consumer to another health service provider or of health service provider to another practice
1 If a consumer transfers from 1 health service provider (the first provider ) to another health service provider (the second provider )—
(a) the consumer may ask the first provider to give the second provider the consumer's health record; and
(b) the first provider—
(i) must give the second provider the consumer's record or a copy of the record; and
(ii) may also give the second provider a written summary of the consumer's health record.
2 If a health service provider transfers from 1 practice (the first practice ) to another practice and a consumer continues to see the provider—
(a) the consumer may ask the first practice to give the provider the consumer's health record; and
(b) the first practice—
(i) must give the provider the consumer's record or a copy of the record; and
(ii) may also give the provider a written summary of the consumer's health record.
3 The fee chargeable for giving a health record, or a copy or written summary of a health record, under this principle is—
(a) if a fee has been determined under section 34 for this principle—the determined fee; or
(b) in any other case—nil.