Q&A with Pegasus Health Privacy Advisor, Rebecca Hawkins


1. How is your health information protected?

The Health Information Privacy Code controls how health information is handled. The Code has 13 rules that set out obligations for organisations to only collect the information they need, to be open with people, and to ensure their information is used and protected appropriately.

If you know your rights, you can help to make sure your information is safe.

2. What are the 13 rules?

The 13 rules cover anything from what sort of information you can collect to how you collect it and what you can use it for.

The Office of the Privacy Commissioner (OPC) has a full list of these and examples of how they work.

3. What are the key changes?

• There is now a mandatory requirement for businesses to notify the Commissioner and affected individuals of privacy breaches that have caused (or are likely to cause) serious harm.

• The Commissioner can issue compliance notices to require a business to do (or stop doing) something to comply with the Act. The Commissioner can also direct an organisation to provide information when it has been requested by an individual (known as an access determination).

• Businesses cannot send an individual’s information overseas, unless the overseas country has similar protections, or the individual is informed and consents to the disclosure.

• There are new criminal offences, including misleading an organisation to access someone’s personal information, and for a business to destroy personal information, knowing that a person has requested access to it. The penalty for these offences is a fine of up to $10,000.

For more information please visit the OPC website.
