HRIP Act

The Health Records and Information Privacy Act 2002 (HRIP Act) outlines how New South Wales (NSW) public sector agencies and health service providers manage the health information of NSW public members.

The commentary on this page is not intended to provide legal advice or legal interpretation of any of the Health Records and Information Privacy Act 2002 (HRIP Act) For the full text of the Act go to: Health Records and Information Privacy Act 2002 (HRIP Act) (external website)

What agencies and or persons are bound by the HRIP Act?

The HRIP Act applies to organisations (public sector agencies or a private sector person) that are health service providers or that collect, hold or use health information. This includes hospitals both public and private, doctors, other health service providers and any other organisations that handle your health information. This can include universities that undertake research, a gym that records information about your health, or even your physiotherapist. More specifically the Act applies to:

  • Public sector agencies
  • Private sector organisations that provide a health service or collects, holds or uses health information
  • Private sector organisations including some businesses that are related to another business, with an annual turnover of more than $3 million that collect, store or use your health information.

Please contact us if you are unsure if the laws apply.

Definition of health information

The legal definition of health information is provided in Section 6 of the HRIP Act.

Exemptions from the definition

There are some circumstances where individuals and organisations do not have to abide by the HPPs; these are outlined in the Health Privacy Codes of Practice and Health Public Interest Directions.

Role of the NSW Privacy Commissioner

The HRIP Act also gives powers to the NSW Privacy Commissioner to receive, investigate and conciliate complaints made against an agency, health service provider or organisation holding health information.

Special rules about your health information

In addition to the HPPs, the HRIP Act sets out special rules for private sector organisations about:

  • holding health information by health service providers; 
  • giving people access to their health information, including when access can be refused; and 
  • allowing people to amend their health information held by the organisation.

This is outlined in more detail in Part 4 of the HRIP Act.

Statutory guidelines

The NSW Privacy Commissioner has developed four statutory guidelines under the HRIP Act. The statutory guidelines are not a plain English guide to the HRIP Act. They are legally binding documents that define the scope of particular exemptions in the HPPs. They describe how the exemption applies and what you need to do in order to comply with the exemption. They are as important as the exemption itself. They relate to the:

For more information about statutory guidelines, please see our fact sheet: Statutory guidelines.

If you find that you are having difficulties reading our documents or other material, please contact us on 1800 472 679 so we can provide another option for you to access our material.

Health Privacy Principles

The 15 Health Privacy Principles (HPPs) are the key to the HRIP Act. They are legal duties that describe what NSW public sector agencies and private sector organisations (such as health service providers, businesses, private hospitals, GPs, gyms etc) must do when they handle your personal health information.

The 15 HPPs detail how your health information must be collected, stored, used, and disclosed as well as your rights to access your health information. If you require more information on the 15 HPPs we encourage you to read our fact sheet: Health Privacy Principles (HPPs)

Further reading

You can find more detailed information about the HRIP Act by reading:

If you find that you are having difficulties reading our documents or other material, please contact us on 1800 472 679 so we can provide another option for you to access our material.

Rating: 
1 out of 5 star rating
Average: 1 (1 vote)
Archive: 
0