NSW Health takes the protection of health privacy and personal information seriously.

This webpage provides you with information about the privacy laws and policies that apply to NSW Health.

Privacy information

NSW Health is bound by a privacy framework, principally being the Health Records and Information Privacy Act 2002 (HRIP Act) which applies to health privacy, and Privacy and Personal Information Protection Act 1998 (PPIP Act) which applies to non-health personal information.

The NSW Health Privacy Manual for Health Information provides a guide to the legislative obligations imposed by the HRIP Act on the public health system and outlines procedures to support compliance with this Act. The Health Privacy Principles (or HPPs) contained in the HRIP Act establish 15 principles for the management of information:

  • Collection Principles (HPPs 1-4)
  • Retention and Security (HPP 5)
  • Access (HPPs 6-7)
  • Amendment (HPP 8)
  • Accuracy (HPP 9)
  • Use (HPP 10)
  • Disclosure (HPP 11)
  • Identifiers (HPP 12)
  • Anonymity (HPP 13)
  • Transfer of Information Across State Borders (HPP 14)
  • Linkage of Electronic Records (HPP 15)

Privacy Management Plan

The NSW Health Privacy Management Plan sets out NSW Health’s commitment to respecting the privacy rights of staff, patients and other third parties. It also explains NSW Health’s policies and procedures in managing personal information under the PPIP Act and health information under the HRIP Act, including how to access and amend personal information, and who to contact in the event of any privacy complaints or concerns.

All NSW Health organisations are required to adopt and implement the NSW Health Privacy Management Plan within their organisation and promote it to their staff and the public, including through publication of the Plan on their public facing websites.

Protecting your data when using shared devices

This fact sheet educates patients on simple steps they can take to protect their personal information when using shared devices. It aims to reduce the risk of data breaches associated with the use of shared devices.

View the fact sheet here.


If you have a question or complaint about your privacy, please contact the Privacy Contact Officer at the relevant health organisation.

Current as at: Thursday 21 March 2024
Contact page owner: Compliance