This table sets out a summary version of some key Privacy Principles from the two Victorian Acts, as published by the Health Services Commissioner and the Victorian Privacy Commissioner respectively.
These do not set out the full set or form of the Principles, and are intended for quick reference only. The Principles in full can be found in the respective Acts.
Key Privacy Pinciples in Summary
| Health Privacy Principles Summary |
Information Privacy Principles Summary |
1. Collection
Only collect health information if necessary for the performance of
a function or activity and with consent (or if it falls within HPP1).
Notify individuals about what you do with the information and that
they can gain access to it. |
1. Collection
Collect only personal information that is necessary for performance
of functions. Advise individuals that they can gain access to personal
information. |
2. Use and Disclosure
Only use or disclose health information for the primary purpose for
which it was collected or a directly related secondary purpose the
person would reasonably expect. Otherwise, you generally need consent. |
2. Use and Disclosure
Use and disclose personal information only for the primary purpose
for which it was collected or a secondary purpose the person would
reasonably expect. Use for secondary purposes should have the consent
of the person. |
3. Data Quality
Take reasonable steps to ensure health information you hold is accurate,
complete, up-to-date and relevant to the functions you perform. |
3. Data Quality
Make sure personal information is accurate, complete and up-to-date. |
4. Data Security and Retention
Safeguard the health information you hold against misuse, loss, unauthorised
access and modification. Only destroy or delete health information
in accordance with HPP4. |
4. Data Security
Take reasonable steps to protect personal information from misuse,
loss, unauthorised access, modification or disclosure. |
5. Openness
Document clearly expressed policies on your management of health information
and make this statement available to anyone who asks for it. |
5. Openness
Document clearly expressed policies on management of personal information
and provide the policies to anyone who asks. |
6. Access and Correction
Individuals have a right to seek access to health information held
about them in the private sector, and to correct it if it is inaccurate,
incomplete, misleading or not up-to-date.* |
6. Access and Correction
Individuals have a right to seek access to their personal information
and make corrections. Access and correction will be handled mostly
under the Victorian Freedom of Information Act.
|
7. Identifiers
Only assign a number to identify a person if the assignment is reasonably
necessary to carry out your functions efficiently. |
7. Unique Identifiers
A unique identifier is usually a number assigned to an individual
in order to identify the person for the purposes of the organisation's
operations. Tax File Numbers and Driver's Licence Numbers are examples.
Unique identifiers can facilitate data matching. Data matching can
diminish privacy. IPP 7 limits the adoption and sharing of unique
numbers. |
8. Anonymity
Give individuals the option of not identifying themselves when entering
transactions with organisations where this is lawful and practicable. |
8. Anonymity
Give individuals the option of not identifying themselves when entering
transactions with organisations if that would be lawful and feasible. |
9. Transborder Data Flows
Only transfer health information outside Victoria if the organisation
receiving it is subject to laws substantially similar to the HPPs. |
9. Transborder Data Flows
Basically, if your personal information travels, your privacy protection
should travel with it. Transfer of personal information outside Victoria
is restricted. Personal information may be transferred only if the
recipient protects privacy under standards similar to Victoria's IPPs. |
10. Transfer/closure of practice health service
provider
If you're a health service provider, and your business or practice
is being sold, transferred or closed down, without you continuing
to provide services, you must give notice of the transfer or closure
to past service users. |
10. Sensitive Information
The law restricts collection of sensitive information like an individual's
racial or ethnic origin, political views, religious beliefs, sexual
preferences, membership of groups or criminal record. |
11. Making Information available to another
health service provider
If you're a health service provider, you must make health information
relating to an individual available to another health service provider
if requested by the individual. |
|
| For Information about the health records Act: |
For Information about the Information Privacy Act: |
Health Services Commissioner
30th Floor, 570 Bourke Street
Melbourne Victoria 3000
Telephone: 1800 136 066
Website: www.health.vic.gov.au/hsc |
Victorian Privacy Commissioner
Level 11, 10-16 Queen Street
Melbourne Victoria 3000
Telephone: 1300 666 444
Website: www.privacy.vic.gov.au
|
*[In the public sector individuals already have this right under Freedom
of Information].
