Privacy Policy


Policy No. AH75/05
Executive Director Corporate Development
ISSUE DATE April 2006
REVIEW DATE April 2007


Austin Health (consisting of Austin Hospital , Heidelberg Repatriation Hospital and Royal Talbot Rehabilitation Centre) complies with all Victorian legislation relating to patient confidentiality and privacy, including the Health Services Act 1988 (Vic) and the Health Records Act 2001 (Vic). This policy documents the policies on the management of patient information, which includes collection, use and disclosure and access of personal information at Austin Health. For information relating to the management of employee information, please refer to the Austin Health Human Resources Information Management Policy (Policy No. 63/02).

Personal information is recorded information or opinion, whether true or not, about a readily identifiable individual. It includes information identifiable through a unique identifier such as a Unit Record Number (UR), test number, episode number, client number, etc.


  • Austin Health will not use or disclose information of a personal nature without the consent of the patient, except to the extent that this is required, authorised or permitted under law . Austin Health staff are required to be trained to understand their obligations under the laws relating to maintaining privacy.
  • Austin Health will only collect information that is necessary to perform its functions. We will always try to do so in a fair, lawful and non intrusive way. Wherever possible, we will collect information directly rather than from third parties. Except in an emergency situation, we will do our best to advise patients if we collect information about them from a third party.
  • When Austin Health collects information we will advise the patient why we are collecting it, draw their attention to any law that requires it to be collected, the organisations or type of organisations to whom we usually would disclose it and the consequences for the patient if the information was not provided.
  • Austin Health will collect and use patient information for the purpose of providing care and treatment to patients.
  • Austin Health may disclose information to another health care provider as necessary for the provision of emergency treatment.
  • In a situation, which is not an emergency, Austin Health will follow the patient's instructions provided at admission regarding the release of health information. Unless the patient has instructed Austin Health not to do so, Austin Health may disclose patient information to other health care providers for the purpose of providing further treatment.
  • Austin Health is permitted by law to provide health information to appropriate authorities to prevent a serious and imminent threat to the life, health or safety of an individual or a serious threat to public health, public safety or public welfare.
  • Austin Health is permitted by law to undertake quality assurance activities in order to measure and improve services provided to patients. Quality assurance reports contain no personal identifying information.
  • Austin Health is permitted by law to keep statistics about patients' conditions and treatment to help plan better services and to understand health trends. Statistical reports contain no personal identifying information. Demographic and statistical information is reported to government funding bodies.
  • Austin Health may use patient information in teaching and training of clinical staff and in multi-disciplinary unit meetings to ensure the highest standard of patient care is provided.
  • The Austin Health Human Research Ethics Committee must approve all research undertaken at Austin Health. Patient consent will be sought as required by the law.
  • Austin Health may contact patients for public relations and fundraising matters. Patients have the right to opt out of such activities.
  • Austin Health will inform patients about the uses of their information via the ‘Protecting Your Privacy' brochure.
  • The ‘Protecting Your Privacy' brochure gives patients the option of withdrawing their consent (opting out) for certain types of information sharing that require their consent. Other uses and disclosures of information such as those required by law, emergency treatment or protection of the public health and safety are unaffected by opting out. If a patient chooses to opt out they must sign a ‘Refusal of Consent to Disclose Information' form. This form is filed in the patient record and the status is recorded on the computer system. Patients are able to change their consent status at any time. Copies of ‘Refusal of Consent to Disclo s e Information' form are available from the Freedom of Information Officer, Austin Health or on the Austin Privacy Information intranet site.
  • Austin Health will ensure that patient information is accurate, complete and up to date. Retention of patient records is in accordance with relevant legislation such as the Public Records Act 1973 (Vic), Freedom of Information Act 1982 (Vic) and accreditation guidelines. Austin Health is required to hold some records for extended periods. From time to time, Austin Health will conduct audits of patient records and databases to ensure that the information held is accurate and up to date.
  • Austin Health has systems in place to monitor and control access to patient information. Austin Health staff and authorised external users only have access to the records and computer systems that their duties require . Austin Health is working towards uniquely identifying individual users to ensure that access is appropriately authorised. This will result in all transactions involving personal patient information being auditable and traceable to an individual Austin Health staff member.
  • Austin Health staff are required to abide by the Austin Health Patient Information Privacy Policy. In circumstances where legal sharing of information is required with an outside service provider, contractors will be required to sign a confidentiality agreement. When entering into an agreement, the contractor agrees to comply with all Health Records and Privacy Legislation which Austin Health is required to comply with.
  • Where an individual authorises Austin Health in writing to release health information to another individual or organisation, a confidentiality agreement with that organisation or individual is not required.
  • Austin Health will provide access to personal information held about patients, consistent with the Freedom of Information Act 1982 (Vic). However, there are some exceptions to this. For example, Austin Health is not obligated to give patients access to health information held about them, where doing so would unreasonably disclose information relating to others or where the information would otherwise be exempt from disclosure by law.
  • Information held by Austin Health may from time to time need to be transferred to organisations outside Victoria for the purpose of the provision of care. Austin Health will only do this where the patient consents, where we believe that the recipient organisation is subject to binding privacy obligations that are substantially similar to the ones under which we operate; or where it is in the patient's interests for us to do so (and it is impracticable to obtain the patient's consent, and if we were able to ask, the patient would be likely to give consent).
  • Austin Health will ensure that any suspected infringements of patient privacy are thoroughly investigated. Austin Health has fraud prevention strategies to identify procedural and systems weaknesses and continually reviews these strategies. Disciplinary action is taken in cases where investigations or suspected infringements of patient privacy are proven.

More Information

Further information on this policy or if a patient would like access to their health information, contact:

The Freedom of Information Officer
Austin Health
PO Box 5444, Heidelberg West, Victoria 3081
Telephone: (03) 9496-3103

If a patient has concerns that Austin Health may have infringed their privacy rights, they should write to:

The Patient Representative
Austin Health
PO Box 5555, Heidelberg, Victoria 3084


Subject expertise and/ or support in the implementation of this policy is available from:

  • Manager, Health Information Services Extension 5279
  • Operations Manager, Health Information Services Extension 3709
  • Corporate Counsel Extenison 5266

Chief Executive Officer

April 2006