Use and disclosure of health information

Information transferred overseas


Last revised: 24 May 2023

It is important to consider the privacy implications of transferring health information outside Australia, as some countries may not offer adequate privacy protections. Once personal information is disclosed in an unregulated way, it can be difficult to regain control over it. 

This includes the use of overseas data storage and processing of patient information, such as transcription and reporting services. 

Under the Privacy and Other Legislation Amendment Act 2024, the Australian Government may approve a whitelist of countries or binding schemes that provide substantially similar privacy protections to Australia’s. Transfers to entities in these jurisdictions may not require additional safeguards. 

Where no whitelist applies, organisations must take reasonable steps, including implementing technical and organisational measures, to ensure patient information is safe.

It is recommended that patient consent be obtained before transferring health information outside Australia. Privacy policies must inform patients that their information may be disclosed overseas. Consent is not strictly required if the organisation takes reasonable steps to ensure the overseas recipient will protect the information in line with Australian privacy standards. This includes situations where the recipient is subject to a privacy law or scheme that offers comparable protection.

 
