For Healthcare providers
The IPC provides guidance and resources for private healthcare providers in NSW seeking information on privacy and health information.
NSW public sector health providers, such as Local Health Districts, should refer to the For Government page.
Privacy and health information
Private health service providers in NSW are legally required to manage health information in accordance with the Health Records and Information Privacy Act 2002 (HRIP Act). This includes complying with the 15 Health Privacy Principles (HPPs), which govern how health information is collected, stored, used, and disclosed. Providers must ensure individuals are informed about how their health information is handled and must take reasonable steps to protect it from misuse, loss, or unauthorised access. The HRIP Act also sets out specific rules for collecting information from third parties and using it for purposes such as research, training, or service management.
Individuals have a right to access and request correction of their health information, and providers must respond to such requests within 45 calendar days. Access may be refused only under limited circumstances, such as where disclosure would pose a serious threat to health or breach another person’s privacy. Providers must also maintain clear procedures for handling complaints and ensure staff are trained in privacy obligations. The NSW Privacy Commissioner monitors compliance and can investigate complaints where privacy rights may have been breached.
Privacy: I want to know about...
NSW Privacy Laws
The IPC oversees a number of laws that protect and promote the protection of personal and health information in NSW.
Information for Private NSW Health Service Providers
The IPC has a number of resources to assist private health service providers in NSW in complying with their duties under the laws.
Fact Sheet - A guide to privacy laws in NSW
This fact sheet helps individuals to understand NSW privacy laws and what their rights are under the legislation.
Checklist - Checklist for private sector staff: responding to a request to access health information
This checklist assists private sector staff in NSW dealing with health information to respond to a request to access that information.
Fact Sheet - A guide to retention and storage of health information in NSW for private health service providers
This fact sheet assists private health care providers and citizens to understand the obligations and responsibilities in retaining and storing health information under NSW privacy laws.
Fact Sheet - Information Protection Principles (IPPs) for agencies
The 12 Information Protection Principles (IPPs) are your key to the Privacy and Personal Information Protection Act 1998 (PPIP Act).
Fact Sheet - Health Privacy Principles (HPPs) for agencies
The 15 Health Privacy Principles are the key to the Health Records and Information Privacy Act 2002 (HRIP Act).
Guideline - Statutory guidelines on the management of health services
This guideline outlines the requirements for the use and disclosure of health information for the management of health services.
Data protection principles
The IPC has formally adopted data protection principles (DPPs) when giving advice or investigating complaints about organisations which are not obliged to comply with the PPIP or HRIP Act.
