×
We're aware of a cyber security incident affecting the electronic prescriptions provider MediSecure. The eRX Script Exchange (eRX) and the National Prescription Delivery Service (NPDS) continue to operate as usual and have not been impacted. Find out more and read our statement here.

Privacy and managing health information in general practice

Privacy and information security

Healthcare identifiers

Last revised: 24 May 2023

Healthcare identifiers

The use of healthcare identifiers instead of names is useful to protect privacy. However, the adopted identifier system used by your practice must not include any prohibited details. In addition, the identification number should not reveal any health information about the patient.
 

Healthcare identifiers

  • Healthcare identifiers generated by your practice’s desktop system should not include any information from:
    • the patient’s name
    • the patient’s date of birth
    • the patient’s address
    • the patient’s telephone number
    • the patient’s Medicare number
    • any identifier assigned by a government agency
    • any other information that could identify the person.
  • Your practice must not use or disclose a patient’s Medicare number, their individual identifier assigned by or on behalf of a government agency, unless:
    • required to fulfil their obligations to that agency
    • to lessen or prevent a serious threat to life, health or safety or public health and safety
    • required or authorised by law, or for certain law-enforcement purposes.

 
  1. Australian Government, Office of the Australian Information Commissioner. Australian Privacy Principles quick reference. 2014 [Accessed 7 November 2022].
  2. National Health and Medical Research Council, Australian Research Council, Australian Vice-Chancellors’ Committee. National statement on ethical conduct in human research (2007) (updated 2018). 2018 [Accessed 16 January 2023].
  3. Commonwealth of Australia. Privacy Act 1988.1988 [Accessed 7 November 2022].
  4. Australian Government, Office of the Australian Information Commissioner. Australian Privacy Principles guidelines: Privacy Act 1988. 2015 [Accessed 16 January 2023].
  5. Australian Government, Attorney-General. Parliament approves Government’s privacy penalty bill. 2022 [Accessed 16 January 2023].
  6. Medical Board of Australia, AHPRA. Good medical practice: A code of conduct for doctors in Australia. 2020 [Accessed 16 January 2023].
  7. Australian Government, Office of the Australian Information Commissioner. Business resource. Chapter 9: Research. 2019 [Accessed 16 January 2023].
  8. Australian Government, Office of the Australian Information Commissioner. Chapter 5: APP 5 – Notification of the collection of personal information. 2019 [Accessed 8 November 2022].
  9. Australian Medical Association. Frequently asked questions – Fees. [date unknown] [Accessed 8 November 2022].
  10. Australian Government, Office of the Australian Information Commissioner. Privacy for organisations: Trading in personal information. [date unknown] [Accessed 16 January 2023].
  11. National Health and Medical Research Council. Use and disclosure of genetic information to a patient’s genetic relatives under Section 95AA of the Privacy Act 1988 (Cth) – Guidelines for health practitioners in the private sector. 2014 [Accessed 16 January 2023].

Advertising