New South Wales Consolidated Acts

HEALTH RECORDS AND INFORMATION PRIVACY ACT 2002 - SECT 75

75 Regulations

(1) The Governor may make regulations, not inconsistent with this Act, for or with respect to any matter that by this Act is required or permitted to be prescribed or that is necessary or convenient to be prescribed for carrying out or giving effect to this Act.

(2) Without limiting the generality of subsection (1), regulations may be made for or with respect to the following matters:

(a) disapplying any provision or provisions of Part 6 with respect to any private sector person or class of private sector persons, subject to subsection (3),

(b) the manner in which health privacy codes of practice are to be prepared and developed,

(c) exempting specified persons, private sector persons or public sector agencies, or classes of person, private sector persons or public sector agencies, from:

(i) any of the requirements of this Act or the regulations relating to the collection, use or disclosure of specified classes of health information, or

(ii) any other provision of this Act,

(d) providing for 2 or more public sector agencies or classes of public sector agencies to be treated as a single agency:

(i) for the purposes of this Act generally, or

(ii) for the purposes of specified provisions of this Act, or

(iii) for the purposes of specified Health Privacy Principles or health privacy codes of practice,

(e) providing for 2 or more private sector persons or classes of private sector persons (including private sector persons that are related bodies corporate) to be treated as a single private sector person:

(i) for the purposes of this Act generally, or

(ii) for the purposes of specified provisions of this Act, or

(iii) for the purposes of specified Health Privacy Principles or health privacy codes of practice,

(f) the auditing of compliance by organisations with the provisions of this Act, including the types of activities or conduct that may be subject to audit, the persons or bodies by whom an audit may be conducted and the frequency or timing of audits.

(3) A regulation made under subsection (2) (a) applies with respect to a private sector person only for so long as an individual is entitled to make a complaint that an act or practice by the private sector person may be an interference with the privacy of the individual (as referred to in section 13A of the Privacy Act 1988 of the Commonwealth) under a Commonwealth privacy code binding the private sector person or class of private sector persons concerned that sets out procedures for making and dealing with complaints in relation to acts or practices of the private sector person or class of private sector persons.

(4) The regulations may create offences punishable by a penalty not exceeding 50 penalty units.

(5) In this section:
"Commonwealth privacy code" means a privacy code approved by the Commonwealth Privacy Commissioner under the Privacy Act 1988 of the Commonwealth.
"complaint" means a complaint of any kind, regardless of the nature of any remedies that may be available in respect of the complaint.