Summary of Health Privacy Principles
| COLLECTION PRINCIPLES | |
| HPP 1 | Purposes of collection of personal health information |
| Personal health information must be collected by lawful means and for a lawful purpose. The purpose must be directly related to, and reasonably necessary for, an organisation's functions or activities. | |
| HPP 2 | Collection and information sought must be relevant, not excessive, accurate and not intrusive |
| HPP 3 | Collection from individual concerned |
| Personal health information must be collected from the individual it relates to, unless that is unreasonable or impractical. | |
| HPP 4 | Individual to be made aware of certain matters |
| Reasonable steps must be taken to inform the individual about how the information may be used, who may access it, and the consequences of not providing it. The individual should be told what agency is collecting the information and that they have a right to access it. This information should generally also be given to the individual where information about them is collected from someone else, unless certain exemptions, listed in the Act and the Guidelines apply. | |
| SECURITY PRINCIPLES | |
| HPP 5 | Retention and security |
| Personal health information held by public health agencies must be securely housed and protected against loss or misuse. Information must be kept only as long as is necessary for the purpose (or as required by a law, such as the NSW State Records Act 1998), and must be disposed of securely. | |
| ACCESS AND AMENDMENT PRINCIPLES | |
| HPP 6 | Information about personal health information held by organisations |
| Organisations that hold personal health information must allow individuals to find out if they hold information about that individual, and, if so, what kind of information they hold, what it is used for, and whether and how the individual can access it. | |
| HPP 7 | Access to personal health information |
| Individuals must be allowed to access the personal health information held about them. This must be done without excessive delay or expense. | |
| HPP 8 | Amendment of personal health information |
| Individuals may request that their personal health information be amended to ensure that it is accurate, relevant, up to date, complete and not misleading. Organisations must either make the requested amendments or, if requested, attach to the information a statement by the individual of the amendment they sought. | |
This web page is managed and authorised by Web Services Development of the NSW Department of Health. Last updated: 11 March, 2009