63.1 In this chapter the ALRC considers those elements of the privacy principles that deal specifically with the handling of health information. As discussed in Chapter 60, the ALRC’s view is that these elements should be set out in new Privacy (Health Information) Regulations.[1] This approach is intended to ensure that the Unified Privacy Principles (UPPs) remain as brief, general and accessible as possible for those agencies and organisations that do not handle health information. For those agencies and organisations that do handle health information, however, the ALRC recommends that the Office of the Privacy Commissioner (OPC) publish a document setting out the UPPs as amended by the new Privacy (Health Information) Regulations. This document will provide a complete set of privacy principles covering health information, as well as other personal information.[2]

63.2 The Privacy Act and, in particular, the National Privacy Principles (NPPs) make specific provision for handling health information in a range of circumstances. Each of these provisions is discussed below, including: the collection of family medical history information; the disclosure of health information to a person who is ‘responsible’ for an individual, where the individual is physically or legally incapable of giving consent; and the disclosure of genetic information to genetic relatives. The chapter also considers a number of principles drawn from the draft National Health Privacy Code, and recommends that they be included in the Privacy (Health Information) Regulations. These include principles relating to the transfer of health information from one health service provider to another when a health consumer changes practices,[3] and the compulsory use of intermediaries where a health service provider has refused to provide a health consumer with access to his or her health information.[4]

[1] Rec 60–1.

[2] Rec 60–2.

[3] Rec 63–5.

[4] Rec 63–3.