
Privacy and managing health information in general practice

About this resource

Last revised: 24 May 2023

General practice has a responsibility to protect the privacy of patient health information and be compliant with relevant legislation.  

This resource provides an overview of the legislative framework that regulates the way personal information is handled – the Privacy Act 1988, the 13 Australian Privacy Principles (APPs), and other relevant health records legislation within the general practice setting.

The appropriate management of health information in general practice goes beyond just privacy considerations and this resource also provides best practice guidance on:

  • patient consent
  • patient rights
  • management and security of medical records
  • information used in medical research.

The content of this resource is intended as a general guide only. The Royal Australian College of General Practitioners (RACGP) recommends you seek appropriate legal or professional advice to support your practice meeting its privacy requirements.

 

Australian Privacy Principles

The APPs provide a universal framework and focus on transparency in the following five areas:

  • APPs 1, 2: management of personal information
  • APPs 3–5: collection of personal information
  • APPs 6–9: use of personal information
  • APPs 10, 11: integrity and security of personal information
  • APPs 12, 13: access to and correction of personal information.1
     
Australian Privacy Principles - a summary for APP entities

Reproduced with permission from the Australian Government, Office of the Australian Information Commissioner.1

 

  1. Australian Government, Office of the Australian Information Commissioner. Australian Privacy Principles quick reference. 2014 [Accessed 7 November 2022].
  2. National Health and Medical Research Council, Australian Research Council, Australian Vice-Chancellors’ Committee. National statement on ethical conduct in human research (2007) (updated 2018). 2018 [Accessed 16 January 2023].
  3. Commonwealth of Australia. Privacy Act 1988. 1988 [Accessed 7 November 2022].
  4. Australian Government, Office of the Australian Information Commissioner. Australian Privacy Principles guidelines: Privacy Act 1988. 2015 [Accessed 16 January 2023].
  5. Australian Government, Attorney-General. Parliament approves Government’s privacy penalty bill. 2022 [Accessed 16 January 2023].
  6. Medical Board of Australia, AHPRA. Good medical practice: A code of conduct for doctors in Australia. 2020 [Accessed 16 January 2023].
  7. Australian Government, Office of the Australian Information Commissioner. Business resource. Chapter 9: Research. 2019 [Accessed 16 January 2023].
  8. Australian Government, Office of the Australian Information Commissioner. Chapter 5: APP 5 – Notification of the collection of personal information. 2019 [Accessed 8 November 2022].
  9. Australian Medical Association. Frequently asked questions – Fees. [date unknown] [Accessed 8 November 2022].
  10. Australian Government, Office of the Australian Information Commissioner. Privacy for organisations: Trading in personal information. [date unknown] [Accessed 16 January 2023].
  11. National Health and Medical Research Council. Use and disclosure of genetic information to a patient’s genetic relatives under Section 95AA of the Privacy Act 1988 (Cth) – Guidelines for health practitioners in the private sector. 2014 [Accessed 16 January 2023].
