Where am I now? Lawlink > Office of the Privacy Commissioner > About Us > Part 3: Complaints Under The HRIP Act
Part 3: Complaints Under The HRIP Act
3.1 THE COMPLAINTS-HANDLING PROCESS
If a person believes that you have breached their health privacy, they can make a complaint about it under the HRIP Act. The complaints-handling processes for the public and private sectors are slightly different.
- Complaints about the public sector
|For public sector organisations, the complaints procedure under the HRIP Act uses the complaints procedure under Part 5 of the PPIP Act. That is, where a person believes your organisation has handled their health information in breach of the HPPs, the person can seek an internal review by your organisation.|
If the internal review is not completed within 60 days, or the person is unhappy with the handling or results of the internal review, they can ask the Administrative Decisions Tribunal to review the conduct or decision. The Tribunal can make legally binding orders, including ordering your organisation to correct its conduct or pay compensation of up to $40,000.
- Complaints about the private sector
|Where a person believes your organisation has handled their health information in breach of the HPPs or the special private sector provisions in Part 4 of the HRIP Act, the person can make a complaint to the NSW Privacy Commissioner. When a complaint is received, if it is identified as being within the Commissioner’s jurisdiction to investigate, your organisation will be notified as soon as possible and given details of the complaint.|
The Commissioner may attempt to resolve the complaint by conciliation, or may further investigate the complaint and make a written report containing findings and/or recommendations. The Commissioner’s findings and recommendations are not binding.
If the person is not satisfied with the Commissioner’s findings, they can ask the Administrative Decisions Tribunal to review the conduct or decision. The Tribunal can make legally binding orders including ordering your organisation to correct your conduct or pay compensation of up to $40,000. There is an exception if you are a non-corporate entity (for example an individual practitioner). In that case, the compensation is limited to $10,000.