

It’s impossible to stop all mistakes. But health agencies must ensure that there are reasonable safeguards in place to prevent loss, misuse or disclosure of health information.

Full rule

(1) A health agency that holds health information must ensure:

(a) that the information is protected, by such security safeguards as it is reasonable in the circumstances to take, against:

(i) loss;

(ii) access, use, modification, or disclosure, except with the authority of the agency; and

(iii) other misuse;

(b) that if it is necessary for the information to be given to a person in connection with the provision of a service to the health agency, including any storing, processing, or destruction of the information, everything reasonably within the power of the health agency is done to prevent unauthorised use or unauthorised disclosure of the information; and

(c) that, where a document containing health information is not to be kept, the document is disposed of in a manner that preserves the privacy of the individual.

(2) This rule applies to health information obtained before or after the commencement of this code.

Note: An action is not in breach of this rule if it is authorised or required by or under law: Privacy Act, section 7(4).