Part 1: Introduction and Key Concepts

1.1 Background
1.2 Coverage of the HRIP Act
1.3 Obtaining a person's consent to handle their health information
1.4 Capacity


1.1 BACKGROUND

Who is this handbook for?

The Health Records and Information Privacy Act 2002 (NSW) (the HRIP Act) regulates the collection and handling of people’s health information by New South Wales public and private sector organisations. It applies to organisations that are health service providers or that collect, hold or use health information. The HRIP Act is fully operational from 1 September 2004.

This handbook is for individuals and organisations covered by the HRIP Act. We have written it to help you understand and comply with your legal obligations under the HRIP Act. This handbook contains plain English explanations of the key terms, and provides practical examples of how the HRIP Act might apply in some common scenarios. References to relevant sections of the HRIP Act have been included so that you can read this handbook and the HRIP Act together.

We have addressed the reader directly using the word ‘you’; however, sometimes ‘the organisation’ is the better term. Where you see:

[flag icon] it means that the information is specific to organisations in the public sector

[pointer icon] it means that the information is specific to organisations in the private sector

At the time of writing this handbook, no case law exists on the HRIP Act. Accordingly the information contained in this handbook is Privacy NSW’s interpretation of the HRIP Act only. The information is advisory, not legally binding, and should not be used as a substitute for legal advice.


The HRIP Act at a glance

The HRIP Act protects the privacy of people’s health information. It does this by requiring those who handle health information to comply with 15 Health Privacy Principles (HPPs). The 15 HPPs are the key to the HRIP Act. They are legal obligations describing what you must do when you collect, store, use or disclose health information. Privacy NSW recommends that you familiarise yourself with the 15 HPPs. The 15 HPPs are contained in Schedule 1 of the HRIP Act (the schedules are at the end of an act).

If you are based in the private sector, you will also need to know about the special private sector provisions in Part 4 of the HRIP Act. These provisions are in addition to the 15 HPPs and they expand on them.

Please click here for a summary of the 15 HPPs. You will find a more detailed discussion of your obligations under the 15 HPPs and the special private sector provisions, set out in Part 2 of this handbook.

Why a separate law to protect health information?

Health information is a highly sensitive type of personal information. Health records often reveal more intimate, private and comprehensive details about a person than can be found in any other records maintained about them.

Given the personal and sensitive nature of health information, people are keen to see that the privacy of their health information is protected. They need to be satisfied whenever they use a health service or provide their health information to any other organisation, that the information will remain confidential. Without such confidence, people may not seek the health care they need. Alternatively, they may provide inaccurate and incomplete information.

In light of this, the NSW government developed the HRIP Act to provide specific and precise statutory protection for people’s health information. The HRIP Act applies to both the public and private sector, ensuring a consistent approach to the management of health information throughout the whole of NSW.

1.2 COVERAGE OF THE HRIP ACT

What information does the HRIP Act protect?

The HRIP Act protects the privacy of people’s health information.


Health information

Section 6 of the HRIP Act
  • Identifies a person
Health information is a particular type of personal information. Personal information is defined in section 5 of the HRIP Act. Personal information is information that identifies a person. The person does not have to be clearly identified in the information. It is sufficient that their identity can be reasonably ascertained from the information.
      Example: In a small town, a medical report containing a person’s date of birth, sex, and medical condition could conceivably lead to identification of the person. In this context, the information would be personal information.
If a person’s identity cannot reasonably be ascertained from the information, then it is not personal information and is not covered by the HRIP Act.
      Example: Statistical data sets and other aggregated information that does not have the potential to identify a person, is not personal information and is not covered by the HRIP Act.

  • Relates to a person’s health or their health services

Health information is personal information or an opinion about a:
  • person’s physical or mental health or disability, or
  • person’s express wishes about the future provision of health services for themselves, or
  • health service provided, or to be provided to a person.

It includes personal information, such as:
  • genetic information about a person arising from a health service provided to them, that predicts or could predict the health of that person or of their siblings, relatives or descendants.

  • Health Information includes other personal information collected in providing a health service

Health information also includes other personal information that is not of itself health-related, but which has been:
  • collected to provide, or in providing, a health service (‘health service’ is defined in section 4 of the HRIP Act), or
  • collected in connection with a person’s decision to donate body parts, organs or body substances.
      Example:
      • name, address and contact details
      • family details
      • social circumstances
      • employment details
      • financial details

      Ordinarily this kind of information would not be health information because it is not, in itself, health-related. However, if it has been collected in the course of providing a health service, or in connection with a person’s donor decision, the information is classified as health information, and is protected by the HRIP Act.

      Tip for compliance:
      If you or your organisation is a health service provider, this means that any information in identifiable form about a patient or a third party that you collect in the course of providing a health service will be classified as health information and will be protected by the HRIP Act.

Health Information can be in any form
  • Paper, electronic, audio, visual etc
The HRIP Act applies to all health information, regardless of the form it is in (section 5(1) of the HRIP Act). Paper, electronic, audio, visual and other types of health information are treated in exactly the same way under the HRIP Act.
  • Health Information does not need to be recorded in a material form
Health information does not need to be recorded in a material form (section 5(1) of the HRIP Act). Unlike some laws (for example the Freedom of Information Act 1989) which relate only to documents, the coverage of the HRIP Act is very broad. There is also legal authority to suggest that coverage extends to information held in the mind of employees, when acquired in the course of their employment. In the case of Vice Chancellor, Macquarie University v FM [2003] NSWADTAP 43 (determined under the PPIP Act) two Macquarie University staff disclosed information about FM’s conduct as a student of Macquarie University to the University of New South Wales. The information was disclosed during telephone conversations. There was no evidence that the information was previously written down or recorded in a material form by any staff member of Macquarie. Macquarie argued that the meaning of personal information in s.4 of the PPIP Act is limited to information held in a material documentary form, for example, in paper records or electronic storage. Since the information disclosed to the University of New South Wales was merely held in the minds of the Macquarie staff members, Macquarie argued that such information was not protected by the Act. The Appeal Panel did not accept that the meaning of “information” could be read down in this manner.

Macquarie also argued that the PPIP Act does not protect information in the nature of perceptions and knowledge that are obtained independently of university record keeping or collection of data by the University. The Appeal Panel did not accept that the meaning of “personal information” could be read down in this manner.

What about health information collected prior to the commencement of the HRIP Act?

Section 19 of the HRIP Act

The HRIP Act is fully operational from 1 September 2004. The 15 HPPs apply in many cases to all health information, even if it was collected before 1 September 2004.

However, some of the HPPs apply only to health information collected after 1 September 2004. These include HPP 1, HPP 2, HPP 3 and HPP 4 (on collection), and HPP 15 (on the linkage of health records). HPP 13 (on anonymity) applies only to transactions entered into after 1 September 2004.

HPP 7 (on access) including the special private sector provisions in Part 4 of the HRIP Act on access (Part 4, Division 3) and HPP 8 (on amendment) including the special private sector provisions in Part 4 of the HRIP Act on amendment (Part 4, Division 4) apply to all health information collected after 1 September 2004, and to certain health information (refer to section 19(3) of the HRIP Act to see the list) collected before 1 September 2004.


What information is not protected?

Section 5(3) of the HRIP Act


Health information about a person who has been dead for more than 30 years
The HRIP Act does not cover health information about a person who has been dead for more than 30 years (section 5(3)(a) of the HRIP Act).

Some employee-related health information
The HRIP Act does not cover some employee-related health information. The exact scope of this exemption differs depending on whether the organisation holding the health information is a public or private sector organisation (see below). However, as a matter of best practice and sensible risk management, Privacy NSW encourages organisations to handle all their employee-related health information in accordance with the HRIP Act.
  • Public sector: ‘information or an opinion about an individual’s suitability for appointment or employment’

[flag icon] In the public sector, the HRIP Act does not apply to ‘information or an opinion about an individual’s suitability for appointment or employment as a public sector official’ (section 5(3)(m) of the HRIP Act). This exemption is taken from the Privacy and Personal Information Protection Act 1998.
Example 1
Question:
Bill undergoes a pre-employment medical check to assess his suitability for a public sector job in which he would be required to operate heavy machinery. Are the results of the pre-employment medical check protected by the HRIP Act?

Answer:
No. The results are not protected by the HRIP Act because the HRIP Act does not cover ‘information or an opinion about an individual’s suitability for appointment or employment as a public sector official’.

Example 2
Question:
Bill then applies for a clerical job in the public sector. All candidates are required to undergo a pre-employment medical check. Are the results protected by the HRIP Act?

Answer:
Unlike the first example, where Bill’s health was potentially relevant to his ability to do the job (eg. a person’s epilepsy may render them unsuitable to operate heavy machinery), here the relevance of Bill’s health to his suitability for the job is less clear. It is likely that the results would be protected by the HRIP Act because they do not constitute ‘information or an opinion about an individual’s suitability for appointment or employment as a public sector official’. It is also arguable that requiring Bill to do a pre-employment medical check for a clerical role is an unnecessary and excessive collection of health information potentially in breach of HPPs 1 and 2.

  • Private sector: ‘information about an individual that forms part of an employee record’

[pointer icon] In the private sector, the HRIP Act does not apply to ‘information about an individual that forms part of an employee record’.


This exemption is taken from the Federal Privacy Act 1988. It means that the HRIP Act does not protect health information held by a private sector employer about its current and former employees, where that information is held in employee records. However the HRIP Act does protect health information about applicants for private sector employment who have not entered into an employment relationship with the private sector organisation.

Example:
Question:
Bill undergoes a pre-employment medical check for a private sector job in which he would be required to operate heavy machinery. Are the results of the pre-employment medical check protected by the HRIP Act?

Answer:
The results are not protected by the HRIP Act, if Bill accepts the job and the information forms part of his employee record. However, if Bill is not offered the job or decides not to take up the position, the results of his pre-employment medical check are protected by the HRIP Act. This is because Bill is not an employee, and the exemption only applies to information that forms part of an employee record.

    Certain other health information

    The HRIP Act does not apply to certain other types of health information including:
    • Health information that is generally available to the public, for example in a generally available publication, library, or the NSW State Archives.
    • Health information that might be specially protected under other laws, such as a Protected Disclosure, information about a witness on a protected witness program, or information obtained during special police operations.

    For a complete list of exemptions to coverage, please refer to section 5(3)(a)-(o) of the HRIP Act.


    What about de-identified information?

    The HRIP Act applies to information that identifies a person, or from which a person’s identity can reasonably be ascertained. Information that cannot be identified with any person raises far fewer privacy concerns and does not attract the protection of the HRIP Act. This means that you can usually use or disclose de-identified information more freely and for a broader range of purposes. De-identified information is information from which identifiers have been permanently removed, or where identifiers have never been included. De-identified information cannot be re-identified.
        Best practice tip: Although de-identified information raises fewer privacy concerns, Privacy NSW recommends that you still notify people of potential uses of their de-identified data in the interests of transparency. For example, if you regularly provide de-identified health data to a university for research purposes, then you should make reference to this in your privacy policy, or notify the person at the time you collect their health information.

    Who must comply with the HRIP Act?

    You must comply with the HRIP Act if:
    • you are a health service provider or
    • you collect, hold or use health information
    The HRIP Act applies to both the NSW public and private sector.
    NSW organisations (includes individuals)

    Section 4 of the HRIP Act

    The HRIP Act applies to organisations that are health service providers or that collect, hold or use health information. An ‘organisation’ is defined as a public sector agency or a private sector person. This means that individuals (such as GPs) are covered by the HRIP Act as private sector persons. It also means that the HRIP Act applies to both the NSW public and private sector.
    • Public sector agency
    The term ‘public sector agency’ is defined in section 4 of the HRIP Act. It includes most NSW State government departments and statutory authorities, and all local and county councils in NSW.


    Tip for compliance:
    In the public health system, the public sector agency is the Area Health Service, not the hospital.

    Example:
    Question: Jane believes that a particular employee in a public sector agency breached her health privacy. Is this situation covered by the HRIP Act?

    Answer: Yes. The HRIP Act applies to public sector agencies. This includes employees of public sector agencies. Employees must handle health information in accordance with the HRIP Act. The public sector agency is responsible for any privacy breaches committed by its employees.
      • Private sector person
      The term ‘private sector person’ (section 4 of the HRIP Act) is defined as a natural person (for example a GP, physiotherapist, optometrist), a body corporate (including state-owned corporations), a partnership, a trust or any unincorporated association or body.

      Tip for compliance:
      Not-for-profit organisations and non-government organisations will often come within the definition of private sector person.

      NSW organisations that are health service providers

      The HRIP Act applies to all health service providers.

      • What is a health service provider?
      Section 4 of the HRIP Act

      Health service providers provide a health service. ‘Health service’ is defined in section 4 of the HRIP Act to mean any of the following services, whether provided as public or private services:
      • medical, hospital, nursing, dental, mental health, pharmaceutical, ambulance, community health, health education services
      • welfare services necessary to implement any of the above services
      • services provided by podiatrists, chiropractors, osteopaths, optometrists, physiotherapists, psychologists and optical dispensers in the course of providing health care
      • services provided by dieticians, masseurs, naturopaths, acupuncturists, occupational therapists, speech therapists, audiologists, audiometrists and radiographers in the course of providing health care
      • services provided in other alternative health care fields in the course of providing health care


      Other NSW organisations that collect, hold or use health information

      The HRIP Act also applies to other organisations that collect, hold or use health information.
          Tip for compliance:
          Even if your organisation is not a health service provider, chances are it will still collect, hold or use some health information. Most organisations handle health information in some capacity, usually about clients or employees. As a risk management tool, it may be useful to undertake an audit of your organisation’s processes to identify how and where your organisation handles health information and change processes where necessary.

      • When does an organisation ‘collect, hold or use’ health information?
      An organisation ‘collects’ health information, if it gathers, acquires or obtains it directly from the person to whom it relates or from another source. For more on collection, see Part 2.1 of this handbook.

      Section 9 of the HRIP Act sets out what constitutes ‘holding’ information. An organisation holds health information if the information is in the organisation’s possession or control, or in the possession or control of a person employed or engaged by the organisation.

      An organisation ‘uses’ health information when it communicates or handles it within the organisation. For more on use, see Part 2.3 of this handbook.

      Exemption for small business operators

      Businesses with an annual turnover of $3 million or less are exempt from complying with the HRIP Act unless the business provides a health service, or is related to another business (for example it is a holding company or subsidiary) that has an annual turnover of more than $3 million. The exemption for small business operators is taken from the Federal Privacy Act 1988. If you need more information on this exemption you should refer to section 6D of the Federal Privacy Act 1988 and the definitions of that Act generally. The meaning of the words "small business operator" in the HRIP Act is taken from section 6D of the Federal Privacy Act 1988.

      Example:
      Question:
      Is a chiropractor with an annual turnover of less than $3 million exempt from complying with the HRIP Act?

      Answer:
      No. A chiropractor is a health service provider. All health services providers are covered by the HRIP Act, regardless of their annual turnover.

      Best practice tip: Small business operators with an annual turnover of less than $3 million may still choose to opt in to the HRIP Act.

      How does the HRIP Act relate to existing laws, codes and guidelines?

      Relationship with professional and ethical codes and standards

      If you are already bound by existing professional and ethical codes of practice, you will continue to be bound by these. The HRIP Act is intended to support and operate alongside existing professional and ethical codes of practice.


      Relationship with confidentiality

      Health information has traditionally been protected by the doctrine of confidentiality. The obligation of confidentiality is owed to the person who provides the information. In some cases this will mean that the obligation is owed to the person to whom the information relates, however in other cases it will mean that the obligation is owed to another health practitioner or organisation.

      Privacy continues to respect and support the principle of confidentiality. Privacy, however, approaches things a little differently. Privacy recognises that health practitioners today interact with a host of others, and that health information is handled by a broad spectrum of people including pharmacists, support staff, lawyers and employers. Not all of the people who handle health information are bound by a duty of confidentiality. Privacy legislation attempts to cover the wide range of ways that health information is handled. It does this by entitling the person, who is the subject of the health information, to have the greatest possible control over the flow of their own information. Privacy is an obligation to the subject of the information. The obligation exists regardless of who actually provided the information.


      What if you have obligations under the Federal Privacy Act and the HRIP Act?

      [pointer icon] If you are from the private sector, you may have obligations under both the Federal Privacy Act 1988 and the HRIP Act. If you have obligations under both Acts, then you should comply with both Acts concurrently. This will be possible in most cases. The underlying principles of the two pieces of legislation are the same, and the privacy protections are similar. However, the Australian Constitution says that where a law of the State is inconsistent with a law of the Commonwealth, the latter will prevail to the extent of the inconsistency.


      What if you have obligations under the PPIP Act and the HRIP Act?


      [flag icon] NSW public sector agencies will have obligations under both the Privacy and Personal Information Protection Act 1998 (the PPIP Act) and the HRIP Act. The HRIP Act takes health information out of the PPIP Act and gives it specific protection. However, the PPIP Act will continue to apply to all other personal information that is not health information.

      The HRIP Act and the PPIP Act are designed to stand side-by-side and complement each other. Public sector agencies should not have any difficulties complying with both Acts concurrently.

      What if you are required by another law to collect, use, disclose or hold health information?

      You may already have obligations to collect, use, disclose or hold health information under other laws. For example you might be required to:
      • disclose health information to the Department of Community Services (DOCS) where a child or young person is at risk of harm under section 23 of the Children and Young Persons (Care and Protection) Act 1998
      • disclose health information involving notifiable diseases pursuant to the Public Health Act 1991
      • retain health information in accordance with the State Records Act 1998.

      The HRIP Act does not override these other laws. You can continue to collect, use, disclose or hold health information as authorised, required, or permitted under any other State, Territory or Commonwealth laws. Most of the HPPs contain a ‘required or authorised by law’ exemption. See for example HPP 4(4)(c), HPP 5(2), HPP 6(2), HPP 7(2), HPP 8(4), HPP 10(2), HPP 11(2), and HPP 15(2).

      1.3 OBTAINING A PERSON’S CONSENT TO HANDLE THEIR HEALTH INFORMATION

      Consent is an important concept under the HRIP Act, and is a good guiding principle when you handle a person’s health information.

      Privacy NSW is of the view that wherever possible you should obtain the person’s consent before collecting, using or disclosing their health information. Provided you have their valid consent, you have permission to use the information appropriately. Gaining consent is not only best practice in terms of privacy protection, but is also sensible risk management.

      You should respect the person’s right to determine how their health information is collected, used or disclosed, and provide them with the necessary information to enable them to exercise this right. Consent is only valid where it is fully informed, and where the person has the capacity to give it.


      Elements of consent

      This section explains the concept of consent as it relates to the handling of health information. It does not encompass consent to medical or dental treatment.

      The term ‘consent’ is not defined in the HRIP Act. However it is Privacy NSW’s view that for consent to be valid it must be voluntary, informed, specific, current, and given by a person who has the capacity to give it. These five elements of valid consent are reproduced from the Privacy NSW Best practice guide on privacy and people with decision-making disabilities.
      • Consent must be voluntary
      A person must be free to exercise genuine choice about whether to give or withhold consent. Consent must be given without coercion or threat. Sufficient time must be allowed to understand the request and, if appropriate, take advice.
      • Consent must be informed
      Generally, a person must have reasonable knowledge of all the relevant facts before they give or refuse consent. Providing incorrect or misleading information may mean that a person’s consent is invalid.

      Examples of relevant facts include:
      • the purpose of collecting the health information
      • who will have access to what parts of the health information
      • what the recipient will use the health information for
      • who the health information will be passed on to
      • whether providing the health information is voluntary or required by law
      • the consequences of giving or refusing consent
        Tip for compliance: you are required by HPP 4 to notify the person of the above points when you collect health information about them anyway.
      • Consent must be specific
      Consent must be reasonably specific. Reliance on general, blanket or bundled consents can be problematic.
        Tip for compliance:
        When drafting consent forms you should avoid ‘bundled’ consent. A consent form asking a person to tick one box to indicate their consent to multiple items (e.g. consent to treatment, consent to share their health information with relevant members of the treating team, and consent to use or disclose their details for fundraising purposes) is inappropriate. It is preferable that the consent form asks the person to tick separate boxes indicating their consent to each request.
      • Consent must be current
      Consent has a ‘use-by’ date. Consent given in particular circumstances cannot be assumed to endure indefinitely with the passage of time and changes of circumstance. Good practice is to inform the person of a specified period for which the consent will be relied on in the absence of any material change of circumstances that the organisation knows or ought reasonably to know. Organisations should also make it clear that a person is entitled to change their mind and revoke consent later on.

      Notifying a person is not the same as seeking their consent

      Notifying a person of what you intend to do with their health information (for example by way of a standard brochure, form, or privacy policy) is not the same as seeking their consent to do those things.

      HPP 4 requires you to notify a person of certain matters, including details of who you would normally provide their health information to. There is no doubt that if people are told who is likely to see their health information and what it will be used for, they are less likely to be surprised or angered when their health information is handled in that way. However, unless you actually give the person the choice of agreeing or disagreeing to what you propose, you are not seeking their consent.
      Accordingly, fulfilling your notification obligations under HPP 4 is not the same as seeking a person’s consent. Fulfilling your notification obligations under HPP 4 merely equips the person with the necessary knowledge to give or withhold informed consent. However, if you have notified the person that their information could be used or disclosed in a particular way, then there is a more persuasive argument that such a use or disclosure would be within the person’s ‘reasonable expectations’. This would put you in a better position to rely on the ‘directly related secondary purpose within the reasonable expectations of the individual’ exemption to use and disclosure in HPPs 10(1)(b) and 11(1)(b). For more information, see Part 2.3 of this handbook.

      Is express or implied consent required?

      Under the HRIP Act, consent may usually be either express or implied. It is generally preferable to seek express consent, although it will depend on the nature of the health information and the proposed conduct.

      In two circumstances the HRIP Act specifically requires express consent from the person. These are:
      • under HPP 4, where a person can expressly consent to waive their right to be notified when health information is collected about them, and
      • under HPP 15, where a person’s express consent is needed to participate in a state or national electronic health records system.

      • Express consent
      Express consent is consent that is clearly and unmistakably communicated. Express consent may be given in writing, orally or in any form where the consent is clearly communicated. Wherever practicable, express consent should be sought in writing. If a person gives their express consent orally or by other means such as through a language or sign interpreter, you should document this in your records.
      • Implied consent
      Implied consent is consent that can reasonably be inferred from a person’s conduct or actions. However, it may be difficult to demonstrate that a person has genuinely consented, if consent is merely inferred by an organisation. Because of this, it is generally preferable to seek a person’s express consent.

      If you intend to rely on implied consent, you should be careful not to make assumptions that are not based on fact. For example, it may not be appropriate to infer consent just because a person has not stated their objection to the proposed conduct. The person may not have heard, may not have understood or may have had insufficient information to make an informed decision about the conduct.


      Can a person withhold consent?

      Where a person will not consent to the use of their information, the refusal must be respected. If you believe that the refusal will cause detriment to the person, you should explain any implications of the refusal.


      Are there times when consent is not needed?

      The HRIP Act recognises that there are a range of circumstances where the consent of the person is not required in order to lawfully use or disclose their health information. These circumstances are discussed in Part 2.3 of this handbook. The most important examples include where:
      • You are using or disclosing the person’s health information for the primary purpose for which it was collected.
      • You are using or disclosing the person’s information for a directly related secondary purpose, and the person would reasonably expect that use or disclosure.
      • You are lawfully authorised or required to use or disclose the person’s health information in that way.

      Are there times when it is impracticable to seek a person’s consent?

      Sometimes it will be impracticable for you to seek the person’s consent to use or disclose their health information. This may be the case, for example, where you collected the information many years ago and you now seek to use or disclose it for a secondary purpose (such as to a researcher for a research project).

      However, the fact that seeking consent is inconvenient or would involve some effort or expense is not of itself sufficient to make it impracticable. Some examples of where it might be impracticable to seek a person’s consent include if:
      • the age and / or volume of the information is such that it would be very difficult or even impossible to track down all the individuals involved in order to seek their consent
      • there are no current contact details for the individuals in question and there is insufficient information to get up-to-date contact details in order to seek their consent

      1.4 CAPACITY

      Sometimes people lack the capacity to give consent to, and make decisions about, the collection, use or disclosure of their health information. A person’s incapacity may be due to youth, age, mental illness, intellectual disability, dementia, brain injury, illness, accident or disease. For some people the incapacity may be temporary, for others it may be permanent.

      Where a person lacks capacity to make an informed decision under the HRIP Act, an authorised representative can make decisions on the person’s behalf. However, the person to whom the information relates should always be involved in the decision to the greatest extent possible.

      See sections 7 and 8 of the HRIP Act.



      How do you assess a person’s capacity under the HRIP Act?

      • Test for capacity
      The HRIP Act establishes a test for capacity (section 7 of the HRIP Act). The test is that a person lacks capacity to make decisions under the HRIP Act if they:
      • are unable to understand the general nature and effect of a particular decision or action under the HRIP Act, or
      • cannot communicate their intentions or consent (or refusal of consent) to the decision or action under the HRIP Act.

      It is acknowledged that applying this test for capacity involves making difficult judgements and considering complex issues.

      • Capacity depends on the support provided to make a decision
      A person’s capacity may depend on whether appropriate support is provided to enable them to exercise their capacity. For example, many people with an intellectual disability are capable of making decisions, if information is communicated in a way that is appropriate to their abilities and usual methods of understanding. If a person has a low level of English language proficiency or is from a culturally diverse background, it is important to provide information in their first language or in a manner that is culturally appropriate so that they can exercise their capacity to the greatest possible extent.

      • A ‘bad’ decision does not indicate incapacity
      A person may make a decision that you regard as uninformed or misguided but still have capacity. To have capacity, a person does not need to make what other people might regard as a ‘good’ or ‘right’ decision, or even a decision that may be in the person’s best interests. A person only needs to understand the general nature and effect of a particular decision or action and be able to communicate their intentions or consent.

      When should you deal with an authorised representative?

      Where a person lacks the capacity under the HRIP Act to make a decision about their health information, the HRIP Act provides (section 8 of the HRIP Act) that the following ‘authorised representatives’ may make the decision on behalf of that person:
      • someone who has an enduring power of attorney for the person
      • a guardian as defined in the Guardianship Act 1987
      • a ‘person responsible’ under section 33A of the Guardianship Act 1987
      • if the person is a child under the age of 18, a person who has parental responsibility for them
      • any other person who is authorised by law to act for or represent the person (including an executor or administrator of a deceased estate).


      Young people and capacity

      Young people have the right to privacy of their health information and to make their own decisions regarding this privacy where they have the capacity to do so. Parents and guardians do not have automatic access to the health information relating to a young person in their care, and you should not automatically disclose a young person’s health information to a parent or guardian.

      The HRIP Act does not specify at what age a person has the capacity to give consent for the collection, use or disclosure of their health information. This means that you should assess the young person’s capacity in accordance with the general test for capacity set out above. Assessment must be done on a case-by-case basis.

      Where the young person is assessed as lacking capacity under the HRIP Act and is less than 18 years of age, a parent who has parental responsibility for the young person can act as the young person’s authorised representative. In these cases you are permitted to discuss the young person’s health information with his or her parent(s).

      Best Practice Guide on People with Decision Making Disabilities



        Last updated 16 February 2007   Crown Copyright ©  