×
We're aware of a cyber security incident affecting the electronic prescriptions provider MediSecure. The eRX Script Exchange (eRX) and the National Prescription Delivery Service (NPDS) continue to operate as usual and have not been impacted. Find out more and read our statement here.

Privacy and managing health information in general practice

Use and disclosure of health information

Information transferred overseas

Last revised: 24 May 2023

Information transferred overseas

It is important to consider the privacy implications of transferring health information outside Australia, as some countries have inadequate privacy standards. Once this personal information is disclosed in an unregulated way, it is very difficult to regain control over it.

The need for protection extends to the use of overseas data storage as well as the processing of patient information, such as using transcription and reporting services.

It is recommended to seek patient consent before transferring health information outside Australia (noting that alerting patients to this possibility is a requirement of privacy policies; refer to the module on Privacy policies). However, consent is not strictly necessary in circumstances where reasonable steps have been taken to ensure the overseas recipient does not breach the privacy of that individual, or where the practice believes the overseas recipient is subject to a privacy scheme or law protecting the information in a manner similar to Australia.

 

  1. Australian Government, Office of the Australian Information Commissioner. Australian Privacy Principles quick reference. 2014 [Accessed 7 November 2022].
  2. National Health and Medical Research Council, Australian Research Council, Australian Vice-Chancellors’ Committee. National statement on ethical conduct in human research (2007) (updated 2018). 2018 [Accessed 16 January 2023].
  3. Commonwealth of Australia. Privacy Act 1988.1988 [Accessed 7 November 2022].
  4. Australian Government, Office of the Australian Information Commissioner. Australian Privacy Principles guidelines: Privacy Act 1988. 2015 [Accessed 16 January 2023].
  5. Australian Government, Attorney-General. Parliament approves Government’s privacy penalty bill. 2022 [Accessed 16 January 2023].
  6. Medical Board of Australia, AHPRA. Good medical practice: A code of conduct for doctors in Australia. 2020 [Accessed 16 January 2023].
  7. Australian Government, Office of the Australian Information Commissioner. Business resource. Chapter 9: Research. 2019 [Accessed 16 January 2023].
  8. Australian Government, Office of the Australian Information Commissioner. Chapter 5: APP 5 – Notification of the collection of personal information. 2019 [Accessed 8 November 2022].
  9. Australian Medical Association. Frequently asked questions – Fees. [date unknown] [Accessed 8 November 2022].
  10. Australian Government, Office of the Australian Information Commissioner. Privacy for organisations: Trading in personal information. [date unknown] [Accessed 16 January 2023].
  11. National Health and Medical Research Council. Use and disclosure of genetic information to a patient’s genetic relatives under Section 95AA of the Privacy Act 1988 (Cth) – Guidelines for health practitioners in the private sector. 2014 [Accessed 16 January 2023].

Advertising