07. Information and Health Privacy Law
State and territory privacy legislation
7.36 Most state and territory government bodies and local governments are not covered by the Privacy Act. In particular, public hospitals and other state, territory or local government health service providers are not subject to the Privacy Act. Further, private sector health service providers working under contract for a state, territory or local government agency are not covered by the Privacy Act.
7.37 Some States and Territories have information or health privacy legislation that is applicable to the handling of genetic information. This legislation applies privacy principles similar to those in the Privacy Act to ‘personal information’, ‘health information’ or ‘personal health information’ as those terms are defined in the various Acts. In summary, the coverage of this legislation is as follows:
- In New South Wales, the Privacy and Personal Information Protection Act 1998 (NSW) regulates the privacy of health and other personal information handled by the New South Wales public sector. When it comes into force towards the end of 2003, the Health Records and Information Privacy Act 2002 (NSW) will regulate the privacy of health information handled by the New South Wales private and public sectors.
- In Victoria, the 2001 (Vic) regulates the privacy of health information handled by the Victorian private and public sectors. The Information Privacy Act 2000 (Vic) regulates personal information handled by the Victorian public sector.
- health information handled by the ACT private and public sectors.
7.38 In addition to privacy legislation, the Commonwealth, States and Territories have other legislation relating to the administration of public health services, which contains provisions to protect the confidentiality of genetic and other health information obtained by public sector health administrators and health service providers in the course of their employment. The operation of this legislation is not the subject of specific consideration in this Report.
 However, state or territory bodies that are incorporated companies, societies or associations are deemed to be organisations for the purposes of the Privacy Act and will be subject to the legislation. There is a provision in the legislation for these bodies to be prescribed out of the coverage of the Privacy Act: s 6C.
 Although some Commonwealth services provided within state or territory public hospitals and those provided under contract to the Commonwealth, such as clinical services for the Department of Veterans’ Affairs may be covered by the Privacy Act: s 8.
 Although they may be covered by state or territory information or health privacy legislation.
 Australian Health Ministers’ Advisory Council National Health Privacy Working Group, National Health Privacy Code (draft) Consultation Paper (2002), AHMAC, Canberra, 8.
 For example, Health Insurance Act 1973 (Cth); National Health Act 1953 (Cth); Health Administration Act 1982 (NSW); Private Hospitals Regulations 1996 (NSW); Nursing Homes Regulation 1996 (NSW); Day Procedure Centres Regulation 1996 (NSW); Health Services Act 1988 (Vic); South Australian Health Commission Act 1976 (SA).