Skip to content
Victorian Government Website (Victoria, the Place to Be)
Department of Human Services, Victoria, Australia
Service Agreement Information Kit

4.5 Information privacy

New technology is providing opportunities to improve the accessibility and quality of human services, for example, through electronic linking of client records to the different services involved in client case management. However, clients need to be assured that organisations will handle their personal information appropriately and fairly and that their privacy will be protected.

The Health Records Act 2001 (HRA) and the Information Privacy Act 2000 (IPA), cover all personal information handled by the Victorian public sector and its funded organisations. (The HRA also covers health information handled by the private sector for non-funded services and activities.)

The IPA defines 'personal information' as information or opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent or can reasonably be ascertained from the information or opinion., It does not include information of the kind to which schedule 2 applies.

The clause in the 2006-09 service agreement has been revised to more clearly detail an organisation’s responsibilities in relation to the above Acts.

The Health Records Act applies to all 'health information'.

The Health Records Act 2001 contains detailed definitions of "health information", "health service" and "health service provider", which together or individually determine the coverage of the legislation.

The definition of health information is summarised as follows:

  1. personal information (including opinion) held by any organisation about a person's physical, mental or psychological health or disability, or about actual or desired provision of health services; and
  2. all personal information collected by health service providers to provide or in providing a health service in Victoria. 'Health service' is defined widely to cover medical, psychiatric, psychological, disability, aged care, and palliative care services, diagnostic, and pharmaceutical-dispensing services;
  3. including personal information relating to organ and other body part donation and genetic information.

The Information Privacy Act applies to all personal information except 'health information'.

Funded organisations are required by the standard clause in their service agreement to comply with both Acts.

Funded organisations are also subject to the HRA in their own right, if handling health information.

The full set of principles in the respective privacy laws are published on the Victorian Government website at www.dms.dpc.vic.gov.au (2000 Acts include the Information Privacy Act, 2001 Acts include the Health Records Act). Copies can be purchased from Information Victoria telephone 1300 366 356.

For more information, on the Health Records Act, contact:

Health Services Commissioner, 30th Floor, 570 Bourke Street Melbourne Victoria 3000.
Telephone: 1800 136 066.
Website: http://www.health.vic.gov.au/hsc (external link)

For more information on the Information Privacy Act contact:

Victorian Privacy Commissioner,Level 11, 10-16 Queen Street Melbourne Victoria 3000.
Telephone: 1300 666 444
Website: http://www.privacy.vic.gov.au (external link)

The department has also published Guidelines intended to assist the department and its funded service partners meet their legislative requirements. These Guidelines are available on the department's Privacy website at http://www.dhs.vic.gov.au/privacy/public/.

If further advice is required about specific issues surrounding health privacy and information privacy, funded organisations should seek independent legal advice.

top of page