Frequently asked questions (for the public sector)

General
What is privacy?
What is personal information?
What is health information?
What are the information protection principles?
What are the health privacy principles?

Procedures
Can we put a public register on the internet?

Health Records
What is the relationship between the PPIP Act and the HRIP Act?
Is my organisation covered by the HRIP Act?
Are state-owned corporations covered by the HRIP Act?
Do I need a separate health information privacy policy under the HRIP Act?




General

What is privacy?

Privacy has sometimes been described as:
  • the right to be left alone, or
  • the right to exercise control over one’s personal information, or
  • a set of conditions necessary to protect our individual dignity and autonomy.
We often think about privacy in different ways, for example:
  • physical privacy – such as bag searching, use of our DNA
  • information privacy – the way in which governments or organisations handle our personal information such as our age, address, sexual preference and so on
  • freedom from excessive surveillance – our right to go about our daily lives without being surveilled or having all our actions caught on camera.

What is personal information?

Personal information is any information or opinion about an identifiable person. This includes records containing your name, address, sex, etc., or physical information like fingerprints, body samples or your DNA.

What is health information?

‘Health information’ is a specific type of personal information. Health information includes personal information that is information or an opinion about the physical or mental health or a disability of an individual.

Health information also includes personal information that is information or an opinion about:
  • a health service provided, or to be provided, to an individual
  • an individual’s express wishes about the future provision of health services to him or her
  • other personal information collected in connection with the donation of human tissue
  • genetic information that is or could be predictive of the health of an individual or their relatives or descendants.
If your organisation is a health service provider, ‘health information’ includes all of the above plus any other personal information collected to provide, or in providing a health service.

‘Health information’ is defined in section 6 of the HRIP Act.

What are the information protection principles?

The 12 information protection principles (IPPs) are the key to the Privacy and Personal Information Protection Act (PPIP Act). They are legal obligations that describe what NSW government agencies (including statutory bodies and local councils) must do when they handle personal information. The 12 IPPs cover the collection, storage, use and disclosure of personal information as well as access and correction rights.

See a plain English version of the IPPs or see the full text of the IPPs.

However, in some cases, government agencies do not have to follow one or more of the IPPs, for example when information is being used for law enforcement (see a list of the major exemptions to the IPPs). For more information about these exemptions, contact the Privacy Contact Officer in the agency or Privacy NSW.

What are the health privacy principles?

The 15 health privacy principles (HPPs) are the key to the Health Records and Information Privacy Act (HRIP Act). They are legal obligations describing what NSW public sector agencies and private sector organisations and individuals, such as businesses, private hospitals, GPs, gyms and so on must do when they handle health information. The 15 HPPs lay down the basic rules of what an organisation must do when it collects, stores, uses and discloses health information. The HPPs also cover access and correction rights.
See a plain English version of the HPPs.

However, in some cases, organisations do not have to comply with one or more of the HPPs. For more information about exemptions, see the full text of the HPPs, or contact the Privacy Contact Officer in your organisation or Privacy NSW.

What is a public sector agency?

The term ‘public sector agency’ includes most State government departments and statutory authorities, and all local and county councils in NSW. State-owned corporations (such as RailCorp and Sydney Water) are not public sector agencies. If you are not sure whether the organisation that you are complaining about is a 'public sector agency', contact Privacy NSW or the organisation itself.


Procedures

Can we put a public register on the internet?

We have developed a Fact Sheet on this issue. See Fact Sheet No.7.


Health Records

What is the relationship between the PPIP Act and the HRIP Act?

Since 1 July 2000, the PPIP Act has protected the privacy of all personal information (including health information) collected or held by NSW public sector agencies.

With the commencement of the HRIP Act, health information will be taken out of the definition of personal information covered by the PPIP Act.

So, from 1 September 2004, the PPIP Act will no longer regulate health information, but will continue to regulate all other personal information collected or held by NSW public sector agencies. Health information will be specifically protected by the HRIP Act.


Is my organisation covered by the HRIP Act?

The HRIP Act covers all NSW public sector agencies and private sector persons or organisations in New South Wales that provide a health service or that collect, hold or use health information.

All health service providers are covered by the HRIP Act, regardless of their annual turnover.

Small businesses (mostly, organisations with an annual turnover of $3 million or less) are exempt from the HRIP Act. The definition of ‘small business’ comes from the Federal Privacy Act.


Are state-owned corporations covered by the HRIP Act?

Yes. State-owned corporations will be considered ‘private sector persons’ as defined in section 4 of the HRIP Act. They will therefore be covered by the HRIP Act.


Do I need a separate health information privacy policy under the HRIP Act?

Not necessarily. If your organisation is already covered by a privacy law (such as the PPIP Act), it is best to approach implementation of the HRIP Act in an integrated way.

For example, your organisation’s privacy policy statement could address the way that your organisation deals with personal information and health information under the privacy laws by which it is bound. The preamble might state:
    “This privacy policy details how the organisation deals with personal information and health information it collects to ensure that it complies with the Privacy and Personal Information Protection Act 1998 (NSW) OR the Privacy Act 1988 (Cth) and the Health Records and Information Privacy Act 2002. In the privacy policy, a reference to ‘information’ is a reference to both health information and personal information.”



  Last updated 15 February 2007   Crown Copyright ©  