Fact Sheet - Statutory guidelines HRIP Act
This fact sheet appears below or can be viewed and downloaded here Fact sheet - Statutory guidelines HRIP Act, updated October 2023
|
Who is this information for? |
NSW public sector staff |
|
Why is this information important to them? |
Statutory guidelines expand upon the Health Privacy Principles (HPPs) within the HRIP Act. Their purpose is to guide organisations in their handling of health information and provide more detailed information regarding the scope of the HPPs. |
This fact sheet provides a brief outline of the four statutory guidelines that have been issued by the Privacy Commissioner relating to a number of exemptions to the Health Privacy Principles (HPPs). Some exemptions can only be relied upon where there is compliance with the relevant statutory guidelines. A failure to comply with the guidelines in such circumstances will result in a breach of an HPP.
Statutory guidelines on the management of health services
Organisations seeking to use or disclose health information (without the individual’s consent) must comply with this statutory guideline if they intend to rely on the management of health services exemptions in HPPs 10(1)(d) or 11(1)(d).
This statutory guideline requires proposals for the use or disclosure of health information for the purposes of funding, management, planning or evaluation of health services to be submitted and reviewed by the Human Research Ethics Committee in accordance with the Statutory Guideline on Research.
Statutory guidelines on training
Organisations seeking to use or disclose health information (without the individual’s consent) must comply with this statutory guideline if they intend to
rely on the training exemptions in HPPs 10(1)(e)
or 11(1)(e).
This statutory guideline requires that people being trained and work within the organisation, or people who will access health information during the training activity, sign an agreement stating that they are aware of the HPPs and that they agree to comply with those principles.
Statutory guidelines on research
Organisations seeking to use or disclose health information (without the individual’s consent) must comply with the statutory guideline if they want to rely on the research exemption in HPP 10(1)(f) or 11(1)(f).
The guideline requires research proposals to be submitted and reviewed by the Human Research Ethics Committee. The guideline sets out the procedure for the preparation of proposals.
Proposals will only be approved once the committee determines, as set out in the guidelines, whether the public interest in the research substantially outweighs the public interest in maintaining the level of privacy otherwise afforded by the HPPs.
Statutory guidelines on the collection of health information from a third party
Organisations may only collect health information about an individual from a third party (rather than directly from the individual themselves) when it is unreasonable or impracticable to collect it directly from the individual. This statutory guideline provides some examples of when it will be unreasonable or impracticable to collect the information directly from the person and collection from a third party will be permitted in accordance with HPP 3.
The Guideline also provides for a number of exemptions to HPP 4 that ordinarily requires an organisation to notify a person when collecting health information about them from someone else (a third party).
Along side the exemptions already listed in HPP 4, the guidelines provide for exemptions in circumstances including:
- Where notification would be unreasonable or impracticable
- When taking a family, social or medical history to provide a health service directly to the third party
- Where notification is provided to an authorised representative, reasonable steps are taken to explain the points to the person to whom the information relates in a way that is appropriate to their level of understanding, and so as to enable the person to be involved in the notification process to the greatest extent possible.
- Where the person has already been notified of the collection.
The guildline also requires that any subsequent uses or disclosures of the information are in accordance with HPPs 10 and 11.
For more information
Contact the Information and Privacy Commission NSW (IPC):
Freecall: 1800 472 679
Email: ipcinfo@ipc.nsw.gov.au
Website: www.ipc.nsw.gov.au
NOTE: The information in this fact sheet is to be used as a guide only. Legal advice should be sought in relation to individual circumstances.
