Appendix 6: Health Privacy Principles

Collection

1. Lawful
When an organisation collects health information from an individual patient, the information must be collected for a lawful purpose. It must also be directly related to the organisation’s activities and necessary for that purpose.

2. Relevant
The organisation must ensure that health information is relevant, accurate, up to date and not excessive. The collection should not unreasonably intrude into a patient’s personal affairs.

3. Direct
A patient’s health information must be collected directly from that individual, unless it is unreasonable or impracticable for the organisation to do so.

4. Open
Patients must be told why their health information is being collected, what will be done with it, and who else might see it. They must also be told how they can see and correct their health information, and any consequences if they decide not to provide it.

Even if an organisation collects health information about a patient from someone else, they must still take reasonable steps to ensure that the patient is aware of the above points.

Storage

5. Secure
A patient’s health information must be stored securely, not kept any longer than necessary, and disposed of appropriately. It should be protected from unauthorised access, use or disclosure.

Access & Accuracy

6. Transparent
The organisation must provide patients with details about what health information they are storing, why they are storing it and what rights patients have to access it.

7. Accessible
The organisation must allow patients to access their health information without unreasonable delay or expense.

8. Correct
The organisation must allow patients to update, correct or amend their health information where necessary.

9. Accurate
The organisation must make sure that a patient’s health information is relevant and accurate before using it.

Use

10. Limited
The organisation can only use a patient’s health information for the purpose for which it was collected, or a directly related purpose that the patient would expect. Otherwise they can only generally only use it with the patient’s consent. (The ‘training exemption’ specifies limited circumstances in which this principle does not strictly apply).

Disclosure

11. Limited
The organisation can only disclose a patient’s health information for the purpose for which it was collected, or a directly related purpose that the patient would expect. Otherwise they can only disclose it with the patient’s consent. (The ‘training exemption’ specifies limited circumstances in which this principle does not strictly apply).

Identifiers & Anonymity

12. Not identified
An organisation can only give patients identification numbers if it is reasonably necessary to carry out their functions efficiently.

13. Anonymous
Patients are entitled to receive health services anonymously, where this is lawful and practicable.

Transferrals & Linkage

14. Controlled
A patient’s health information can only be transferred outside New South Wales in accordance with HPP 14.

15. Authorised
A patient’s health information can only be included in a system to link health records across more than one organisation if the patient expressly consents to this.

The ‘Training Exemption’ to Health Privacy Principles 10 and 11

The HRIPA, as described in the Statutory Guidelines on Training, recognises that medical students may need to access identifying health information in a number of ways as part of their training including:

  • observing the provision of health services to patients;
  • directly providing health services to a patient under supervision;
  • attending case conferences and team meetings where patient management issues are discussed;
  • attending demonstrations of, or learning to use, clinical and administrative information systems relevant to their role;
  • reviewing patient records.

The training exemption is in effect a privilege extended to medical students in recognition of the strong public interest in training doctors effectively.

The training exemption only applies to your access to the patient’s information, where it is essential to your training. You must not allow any information about the patient to be disclosed outside this context if it could reasonably lead to the identification of the patient concerned.

Whenever you discuss or make notes about a patient as part of your training, you (and your supervisors) should take ‘reasonable steps’ to use de-identified information. Removing the name and address may not always be enough, particularly if there are unusual features in the case, a small population, or there is a discussion of a rare clinical condition. Reasonable steps to de-identify might also include removing other features, such as date of birth, ethnic background, and diagnoses that could otherwise allow an individual to be identified.

Wherever practicable, students must still ensure that patients have consented to the disclosure and usage of their ‘health information’ for training purposes. The fact that seeking consent is inconvenient or would involve some effort or expense is not of itself sufficient to warrant it ‘impracticable’. However it is recognised that in some circumstances, a valuable training experience would be lost if consent were an absolute requirement. The Statutory Guidelines on Training of the HRIPA therefore permit students and their supervisors exemptions where consent is ‘impracticable’. Examples include where the patient is unconscious or in an emergency where an approach to the patient is prohibited by the urgency of the situation.