Statutory guidelines HRIP Act

Fact sheet - Statutory guidelines HRIP Act May 2014 (PDF, 49kb)

Statutory guidelines expand upon the Health Privacy Principles (HPPs) within the HRIP Act. Their purpose is to guide organisations in their handling of health information and provide more detailed information regarding the scope of the HPPs.

This fact sheet provides a brief outline of the four statutory guidelines issued to accompany the exemptions under the 15 Health Privacy Principles (HPPs). Both the statutory guidelines and the exemptions must be complied with. Failure to do so constitutes a breach under the Act.

Statutory guidelines on the management of health services

The statutory guideline requires proposals for funding, management, planning or evaluation of health services to be submitted and reviewed by the Human Research Ethics Committee. The guideline sets out the procedure for the preparation of proposals.

Organisations seeking to use or disclose health information (without the individual’s consent) must comply with the statutory guideline if they wish to rely on the management of health services exemption in the HPP 10(1)(d) or 11(1)(d).

Proposals will only be approved once the committee determines, as set out in the guidelines, whether the public interest in the management activity substantially outweighs the public interest in maintaining the level of privacy otherwise afforded by the HPPs.

Statutory guidelines on training

The statutory guideline requires organisations to prepare a written statement of reasons for the training activity. The statement of reasons must be kept for at least five years and can be accessed by the NSW Privacy Commissioner (on request) during that time.

In addition, people working within the organisation to be trained or people who will access the health information during the training activity are required to sign an agreement stating that they are aware of the HPPs and that they agree to comply with those principles.

Organisations seeking to use or disclose health information (without the individual’s consent) must comply with the statutory guideline if they want to rely on the training exemption in the HPP 10(1)(e) or 11(1)(e).

Statutory guidelines on research

The statutory guideline requires research proposals to be submitted and reviewed by the Human Research Ethics Committee. The guideline sets out the procedure for the preparation of proposals.

Organisations seeking to use or disclose health information (without the individual’s consent) must comply with the guideline if they want to rely on the research exemption in HPP 10(1)(f) or 11(1)(f).

Proposals will only be approved once the committee determines, as set out in the guidelines, whether the public interest in the research substantially outweighs the public interest in maintaining the level of privacy otherwise afforded by the HPPs.

Statutory guidelines on the collection of health information from a third party

The statutory guideline sets out specific circumstances in which an organisation can be exempt when it collects information about an individual from someone else (a third party).

These circumstances may include, when the collection of health information from the third party is necessary, or directly relevant, when the individual to whom the health information relates is unlikely to suffer burden or harm and is not discriminated against and when decisions are not made about the individual.

Organisations seeking to collect health information about an individual from a third party must comply with the guideline, relying on the exemption in HPP 4(3).

For more information

Contact the Information and Privacy Commission NSW (IPC)

Freecall:             1800 472 679
Email:                ipcinfo@ipc.nsw.gov.au
Website:             www.ipc.nsw.gov.au

Last updated: May 2014

Rating: 
2 out of 5 star rating
Average: 2 (1 vote)
Tags: 
Archive: 
0