| Privacy Legislation |
|
Australian legislation at the Federal and State and Territory levels provides some protection of privacy of personal information.
The Privacy Act 1988 and the Information Privacy Principles (IPPs) govern the conduct of Commonwealth agencies in the ways those agencies collect, use, store and disclose personal information.
The Privacy Amendment (Private Sector) Act 2000 (the Amendment Act) was passed by Federal Parliament in December 2000. The Amendment Act extends the Privacy Act 1988 a protect personal information held by private sector organisations by requiring them to comply with National Privacy Principles (NPPs).
The NPPs govern the conduct of private sector organisations in the way those organisations collect, use, store and disclose personal information. The NPPs include stricter requirements for the handling of sensitive information, which includes, for example, an individual's health information, political opinions, religious beliefs, philosophical beliefs or criminal record. The IPPs and the NPPs govern the manner in which personal sensitive and health information can be collected, used or disclosed by Commonwealth and Private Sector Organisations.
In Victoria, two State Acts apply to the collection of personal and health information. The Information Privacy Act 2000 covers all personal information except health information in the public sector. This act adopts ten Information Privacy Principles (IPPs) that are based on the NPPs set out in the Federal Amendment Act 2000.
The Health Records Act 2001, which came into effect on 1 July 2002, covers the handling of all personal information held by Health Service Providers in the Public and Private Sectors. This includes any information about a person's health or disability, information about the donation of body parts, organs or substances and genetic information. The Health Records Act contains a set of eleven principles adapted from the NPPs, the Health Privacy Principles (HPPs).
The Health Records Act creates a scheme to regulate the collection and handling of Health Information in Victoria. It:
 Establishes standards for the handling of health information which are to apply to personal health information collected used and held in the public and private sectors;
Gives individuals an enforceable right of access to their health records that are held by private sector organisations.
The Health Privacy Principles govern the collection, use, disclosure, quality, security, retention and transfer of and access to health information.
Summary of Privacy Legislation in Australia
Commonwealth Government department or agency
Privacy Act 1988
Information Privacy Principles (IPPs)
Section 95 Guidelines
Victorian public or private sector health care service provider or organisation which collects and handles health information in Victoria
Health Records Act 2001
Health Privacy Principles (HPPs)
Statutory Guidelines on Research 2002
Private sector health care service provider (this includes individual medical practitioners)
The Privacy Amendment (Private Sector) Act 2000
National Privacy Principles (NPPs)
Section 95A Guidelines
If it is proposed to undertake medical research involving the collection, and/or use and/or disclosure of personal, sensitive or health information which is identified and without the consent of the individual whose information it is, this may involve a breach of one or more Privacy Principles.
Such research must be reviewed and approved by a properly constituted Human Research Ethics Committee (HREC). In reviewing such research, HRECs must apply the relevant research guidelines:
Section 95 Guidelines; or
Section 95A Guidelines; or
Statutory Guidelines on Research
NHMRC Guidelines Under Section 95 Of The Privacy Act 1988 (Section 95 Guidelines)
Section 95 of the Privacy Act provides a process which acknowledges that in some circumstances the right to privacy must be weighed against justifiable interests that may benefit society as a whole. The conduct of medical research can be one of these circumstances. Section 95 of the Privacy Act allows the National Health and Medical Research Council of Australia (NHMRC), with approval of the Federal Privacy Commissioner, to issue guidelines for the protection of privacy in the conduct of medical research. It is a condition of approval of the section 95 guidelines that the Federal Privacy Commissioner must be satisfied that the public interest in the promotion of medical research outweighs, to a substantial degree, the public interest in privacy. The Section 95 Guidelines establish a process by which HRECs may approve medical research proposals that involve the use or disclosure of personal information held by Commonwealth agencies without consent from the individual concerned. To approval a proposal, the HREC must decide that the public interest in the research outweighs, to a substantial degree, the public interest in the protection of privacy.
The NHMRC has also issued the Section 95A Guidelines which establish a process by which Human Research Ethics Committees may approve proposals that involve the collection use or disclosure of health information held by private sector organisations without the consent from the individual concerned.
Statutory Guidelines on Research
The Victorian Health Services Commissioner is empowered by the Health Records Act 2001 to issue approval guidelines for the purposes of the Health Privacy Principles. In a similar and parallel manner to the NHMRC Section 95 and Section 95(A) guidelines, the Victorian Health Services Commissioner has issued the Statutory Guidelines on Research for the purposes of Health Privacy Principles 1.1 (e) (iii) and 2.2 (g) (iii). The guidelines relate to the collection use and disclosure of health information for the purposes of research or compilation or analysis of statistics which is in the public interest where:
The purpose of the research of the compilation or analysis of statistics cannot be served by the collection use or disclosure of information that does not identify the individual in question or from which the individual's identity can not be reasonably ascertained;
Where it is impracticable to seek the individual's consent to the collection, use or disclosure.
Further Information
Health Services Commissioner www.health.vic.gov.au/hsc
Federal Privacy Commissioner www.privacy.gov.au
Victorian Government http://healthrecords.health.vic.gov.au
NHMRC http://www.health.gov.au/nhmrc/publications/synopses/e26syn.htm
The Common Application Form for Research contains a special section on the Privacy Legislation. This section appears in the Module One Core Application Form. Detailed guidelines about completing the Module One Form appear in the Module One Guidelines.
Researchers (and anyone else who is collecting, disclosing or using health information) are required to provide specific information about how an individual's personal and health information is collected, stored, disclosed and used, to the individual concerned. Individuals must also be advised that they have a right of access to health information about them that is contained in records held in Victorian private and public sector organisations.
An appropriately completed copy of the above statement must be provided to all people currently participating in a research project that has been reviewed by the Clinical Research and Ethics Committee of The Royal Melbourne Hospital at a meeting before 17 July 2002 (ie, people enrolled in research projects before the new Privacy Legislation came into effect and who are still participating in research projects beyond 1 July 2002).
The form should be personally handed to research participants at their next scheduled contact with the researchers.
For people enrolling in research projects that are reviewed by Clinical Research and Ethics Committee after 1 July 2002, researchers must submit the Participant Information and Consent Form (plain language statement) using one of the templates A or B as they appear on this website. In these cases the additional 'Privacy and your Records' statement will not be required.
The provision of information about Privacy and Health Records to research participants is mandated by law and researchers are expected to comply with this requirement.
Recruitment_of_Participants_for_Research - Additional information required to comply with the Health Records Act 2001
| 
