NSW Health takes the protection of health privacy and personal information seriously.

This webpage provides you with information about the privacy laws and policies that apply to NSW Health.

Privacy information

NSW Health is bound by a privacy framework, principally being the Health Records and Information Privacy Act 2002 (HRIP Act) which applies to health privacy, and Privacy and Personal Information Protection Act 1998 (PPIP Act) which applies to non-health personal information.

The NSW Health Privacy Manual for Health Information provides a guide to the legislative obligations imposed by the HRIP Act on the public health system and outlines procedures to support compliance with this Act. The Health Privacy Principles (or HPPs) contained in the HRIP Act establish 15 principles for the management of information:

  • Collection Principles (HPPs 1-4)
  • Retention and Security (HPP 5)
  • Access (HPPs 6-7)
  • Amendment (HPP 8)
  • Accuracy (HPP 9)
  • Use (HPP 10)
  • Disclosure (HPP 11)
  • Identifiers (HPP 12)
  • Anonymity (HPP 13)
  • Transfer of Information Across State Borders (HPP 14)
  • Linkage of Electronic Records (HPP 15)

If you have a question or complaint about your privacy, please contact the Privacy Contact Officer at the relevant health organisation.

Privacy support for the cyber incident

For information about the cyber incident affecting NSW Health, refer to NSW Health cyber attack update.


Current as at: Monday 7 June 2021
Contact page owner: Compliance