
Privacy and managing health information in general practice

Information management for patients

Collection of health information

Last revised: 24 May 2023

Patients should be notified about how their information might be used or disclosed and what rights of access they will have.
 

Key points: Collection of health information

  • Your practice should not collect health information unless the patient consents and the information is required for the delivery of healthcare.
  • Your practice must collect personal information in an ethical and fair manner (without being intrusive or using methods of intimidation).
  • Consent is not required where:
    • the health information is collected in accordance with the policy and framework established by ‘competent health or medical bodies’ [7]
    • it is unreasonable to seek it and the collection is necessary to ‘lessen or prevent a serious threat to life, health or safety’ of an individual or the public [7]
    • other exceptions also apply.
  • Unsolicited information (received without asking) must be destroyed, unless your practice would typically and ethically collect that information.


Receiving health information from third parties

While GPs obtain most health information directly from the patient (and should do so wherever possible), they also receive information from third parties, including guardians or other health professionals involved in the patient’s care.

Where personal information is received without the GP asking for it, GPs need to consider whether they would have usually collected that information. If not, the information should be destroyed or de-identified.

 

  1. Australian Government, Office of the Australian Information Commissioner. Australian Privacy Principles quick reference. 2014 [Accessed 7 November 2022].
  2. National Health and Medical Research Council, Australian Research Council, Australian Vice-Chancellors’ Committee. National statement on ethical conduct in human research (2007) (updated 2018). 2018 [Accessed 16 January 2023].
  3. Commonwealth of Australia. Privacy Act 1988. 1988 [Accessed 7 November 2022].
  4. Australian Government, Office of the Australian Information Commissioner. Australian Privacy Principles guidelines: Privacy Act 1988. 2015 [Accessed 16 January 2023].
  5. Australian Government, Attorney-General. Parliament approves Government’s privacy penalty bill. 2022 [Accessed 16 January 2023].
  6. Medical Board of Australia, AHPRA. Good medical practice: A code of conduct for doctors in Australia. 2020 [Accessed 16 January 2023].
  7. Australian Government, Office of the Australian Information Commissioner. Business resource. Chapter 9: Research. 2019 [Accessed 16 January 2023].
  8. Australian Government, Office of the Australian Information Commissioner. Chapter 5: APP 5 – Notification of the collection of personal information. 2019 [Accessed 8 November 2022].
  9. Australian Medical Association. Frequently asked questions – Fees. [date unknown] [Accessed 8 November 2022].
  10. Australian Government, Office of the Australian Information Commissioner. Privacy for organisations: Trading in personal information. [date unknown] [Accessed 16 January 2023].
  11. National Health and Medical Research Council. Use and disclosure of genetic information to a patient’s genetic relatives under Section 95AA of the Privacy Act 1988 (Cth) – Guidelines for health practitioners in the private sector. 2014 [Accessed 16 January 2023].
