The Health Privacy Principles (HPPs) explained for members of the public

Fact sheet - Health Privacy Principles for the public May 2014 (PDF, 192kb)

The 15 Health Privacy Principles (HPPs) are the key to the Health Records and Information Privacy Act 2002 (HRIP Act). 

These are legal obligations which NSW public sector agencies and private sector organisations must abide by when they collect, hold, use and disclose a person’s health information. Exemptions may apply, so it is suggested that you first contact the Privacy Contact Officer or the Health Information Manager in the organisation or agency, or contact the Information and Privacy Commission NSW (IPC) for further advice.

Collection

1. Lawful

An agency or organisation can only collect your health information for a lawful purpose. It must also be directly related to the agency or organisation’s activities and necessary for that purpose.

2. Relevant

An agency or organisation must ensure that your health information is relevant, accurate, up-to-date and not excessive. The collection should not unreasonably intrude into your personal affairs.

3. Direct

An agency or organisation must collect your health information directly from you, unless it is unreasonable or impracticable to do so.

4. Open

An agency or organisation must inform you of why your health information is being collected, what will be done with it and who else might access it. You must also be told how you can access and correct your health information, and any consequences if you decide not to provide it.

Storage

5. Secure

An agency or organisation must store your personal information securely, keep it no longer than necessary and dispose of it appropriately. It should also be protected from unauthorised access, use or disclosure.

Access and accuracy

6. Transparent

An agency or organisation must provide you with details regarding the health information they are storing, why they are storing it and what rights you have to access it.

7. Accessible

An agency or organisation must allow you to access your health information without unreasonable delay or expense.

8. Correct

An agency or organisation must allow you to update, correct or amend your personal information where necessary.

9. Accurate

An agency or organisation must ensure that your health information is relevant and accurate before using it.

Use

10. Limited

An agency or organisation can only use your health information for the purpose for which it was collected or a directly related purpose that you would expect (unless one of the exemptions in HPP 10 applies). Otherwise separate consent is required.

Disclosure

11. Limited

An agency or organisation can only disclose your health information for the purpose for which it was collected or a directly related purpose that you would expect (unless one of the exemptions in HPP 11 applies). Otherwise separate consent is required.

Identifiers and anonymity

12. Not identified

An agency or organisation can only give you an identification number if it is reasonably necessary to carry out their functions efficiently.

13. Anonymous

An agency or organisation must give you the option of receiving services anonymously, where this is lawful and practicable.

Transferrals and linkage

14. Controlled

An agency or organisation can only transfer your health information outside New South Wales in accordance with HPP 14.

15. Authorised

An agency or organisation can only use health records linkage systems if you have provided or expressed your consent.

For more information

Contact the Information and Privacy Commission NSW (IPC):

Freecall: 1800 472 679

Email: ipcinfo@ipc.nsw.gov.au

Website: www.ipc.nsw.gov.au

Last updated: May 2014
