Fact Sheet - Statutory guidelines HRIP Act August 2019
This fact sheet appears below or can be viewed and downloaded here Fact sheet - Statutory guidelines HRIP Act, updated August 2019
Statutory guidelines expand upon the Health Privacy Principles (HPPs) within the HRIP Act. Their purpose is to guide organisations in their handling of health information and provide more detailed information regarding the scope of the HPPs.
This fact sheet provides a brief outline of the four statutory guidelines issued to accompany the exemptions under the 15 Health Privacy Principles (HPPs). Both the statutory guidelines and the exemptions must be complied with. Failure to do so constitutes a breach under the Act.
Statutory guidelines on the management of health services
The statutory guideline requires proposals for funding, management, planning or evaluation of health services to be submitted and reviewed by the Human Research Ethics Committee. The guideline sets out the procedure for the preparation of proposals.
Organisations seeking to use or disclose health information (without the individual’s consent) must comply with the statutory guideline if they wish to rely on the management of health services exemption in the HPP 10(1)(d) or 11(1)(d).
Proposals will only be approved once the committee determines, as set out in the guidelines, whether the public interest in the management activity substantially outweighs the public interest in maintaining the level of privacy otherwise afforded by the HPPs.
Statutory guidelines on training
The statutory guideline requires organisations to prepare a written statement of reasons for the training activity. The statement of reasons must be kept for at least five years and can be accessed by the NSW Privacy Commissioner (on request) during that time.
In addition, people working within the organisation to be trained or people who will access the health information during the training activity are required to sign an agreement stating that they are aware of the HPPs and that they agree to comply with those principles.
Organisations seeking to use or disclose health information (without the individual’s consent) must comply with the statutory guideline if they want to rely on the training exemption in the HPP 10(1)(e) or 11(1)(e).
Statutory guidelines on research
The statutory guideline requires research proposals to be submitted and reviewed by the Human Research Ethics Committee. The guideline sets out the procedure for the preparation of proposals.
Organisations seeking to use or disclose health information (without the individual’s consent) must comply with the guideline if they want to rely on the research exemption in HPP 10(1)(f) or 11(1)(f).
Proposals will only be approved once the committee determines, as set out in the guidelines, whether the public interest in the research substantially outweighs the public interest in maintaining the level of privacy otherwise afforded by the HPPs.
Statutory guidelines on the collection of health information from a third party
The statutory guideline sets out specific circumstances in which an organisation can be exempt when it collects information about an individual from someone else (a third party).
These circumstances may include, when the collection of health information from the third party is necessary, or directly relevant, when the individual to whom the health information relates is unlikely to suffer burden or harm and is not discriminated against and when decisions are not made about the individual.
Organisations seeking to collect health information about an individual from a third party must comply with the guideline, relying on the exemption in HPP 4(3).
For more information
Contact the Information and Privacy Commission NSW (IPC):
Freecall: 1800 472 679
Email: ipcinfo@ipc.nsw.gov.au
Website: www.ipc.nsw.gov.au