Privacy and managing health information in general practice

Privacy and information security

Health research

Last revised: 24 May 2023

Health research

 

Health research

Key points include:

  • health research participant consent must be obtained
  • research data should be de-identified at the earliest possible time
  • researchers must strictly comply with both privacy and ethical obligations when conducting research using human participants.


Participant consent is paramount in health research that uses human participants, where patient data is identified, and this is reflected in the legal and ethical principles governing health research.

Patients should understand what the proposed research involves, the ways in which their information will be used or disclosed, the risks and benefits of agreeing to participate and whether the research will be published.

Ethical obligations include ensuring the research design clearly collects informed consent, avoiding publishing identifiable information (unless participants have consented otherwise) and informing participants of the potential to be identified even from de-identified material.

For more information, refer to the NHMRC’s National statement on ethical conduct in human research (updated 2018) and the Therapeutic Goods Administration’s Australian Clinical Trial Handbook.

Considerations when participating in health research

Patients should be made aware your practice might use de-identified health information for public health research. This might be done by way of an information sheet in the waiting room.

Interaction between the Privacy Act and health research

In addition to privacy obligations, practices must comply with all ethical requirements for research conducted on human participants.

For example, where human research has approval to publish identifiable health information, practices must ensure all relevant Privacy Act requirements are satisfied beforehand. The safest approach is obtaining written participant consent.

The option to use health information for a secondary purpose is also left open by the Privacy Act, if it is reasonable to expect this information will be used in health research (refer to Use for primary and secondary purposes). This might include use for quality improvement activities within the practice.

If in doubt as to whether the proposed research is directly related to the purpose for which the information was collected or within the reasonable expectations of the patient, written consent should be obtained.
 

  1. Australian Government, Office of the Australian Information Commissioner. Australian Privacy Principles quick reference. 2014 [Accessed 7 November 2022].
  2. National Health and Medical Research Council, Australian Research Council, Australian Vice-Chancellors’ Committee. National statement on ethical conduct in human research (2007) (updated 2018). 2018 [Accessed 16 January 2023].
  3. Commonwealth of Australia. Privacy Act 1988.1988 [Accessed 7 November 2022].
  4. Australian Government, Office of the Australian Information Commissioner. Australian Privacy Principles guidelines: Privacy Act 1988. 2015 [Accessed 16 January 2023].
  5. Australian Government, Attorney-General. Parliament approves Government’s privacy penalty bill. 2022 [Accessed 16 January 2023].
  6. Medical Board of Australia, AHPRA. Good medical practice: A code of conduct for doctors in Australia. 2020 [Accessed 16 January 2023].
  7. Australian Government, Office of the Australian Information Commissioner. Business resource. Chapter 9: Research. 2019 [Accessed 16 January 2023].
  8. Australian Government, Office of the Australian Information Commissioner. Chapter 5: APP 5 – Notification of the collection of personal information. 2019 [Accessed 8 November 2022].
  9. Australian Medical Association. Frequently asked questions – Fees. [date unknown] [Accessed 8 November 2022].
  10. Australian Government, Office of the Australian Information Commissioner. Privacy for organisations: Trading in personal information. [date unknown] [Accessed 16 January 2023].
  11. National Health and Medical Research Council. Use and disclosure of genetic information to a patient’s genetic relatives under Section 95AA of the Privacy Act 1988 (Cth) – Guidelines for health practitioners in the private sector. 2014 [Accessed 16 January 2023].

Advertising