||9 June 2015
||9 June 2018
General Manager, Strategy & Performance
||Chief Executive Officer
To meet the requirements of the Health Records Act 2001 (“the Act”) in regards to the management and handling of Health Information.
This Policy applies to all employees, Councillors and contractors of the City of Greater Geelong, specifically those persons responsible for the receipt and management of Health Information.
- Privacy and Data Protection Act 2014
- Health Records Act 2001
- Freedom of Information Act 1982
- Public Records Act 1973
- MPR545.1.1 Information Privacy Management Procedure
- Charter of Human Rights and Responsibilities Act 2006 (Vic)
The Act defines “Health Information” as information or an opinion about –
- the physical, mental or psychological health of an individual; or
- a disability of an individual; or
- an individual’s expressed wishes about the future provision of health services to him or her; or
- a health service provided, or to be provided, to an individual.
that is also personal information; or
Other personal information collected to provide, or in providing, a health service; or
Other Personal Information about an individual collected in connection with the donation, or intended donation, by the individual of his or her body parts, organs or body substances; or
Other personal information that is genetic information about an individual in a form which is, or could be, predictive of the health (at any time) of the individual or of any of his or her descendants.
Health Service Provider
The Act defines “Health Service Provider” as an organisation that provides a health service in Victoria to the extent that it provides such a service, but does not include those providers specifically exempted for the purposes of the Act.
The Act defines “Health Service” as –
- an activity performed in relation to an individual that is intended or claimed (expressly or otherwise) by the individual or the organisation performing it—
- to assess, maintain or improve the individual’s health; or
- to diagnose the individual’s illness, injury or disability; or
- to treat the individual’s illness, injury or disability or suspected illness, injury or disability; or
- a disability service, palliative care service or aged care service; or
- the dispensing on prescription of a drug or medicinal preparation by a pharmacist; or
- a service, or class of service, provided in conjunction with an activity or service referred to in the above dot points that is prescribed as a Health Service;
but does not include a Health Service, or class of Health Service, that is prescribed as exempt for the purposes of this Act
5. Council Policy
Council is committed to complying with the Health Records Act 2001 and the Health Privacy Principles (HPPs).
Council only collects Health Information that is necessary for the performance of a function or activity, and where Council has obtained the individual’s consent, or where Council is required or permitted by law to collect the Health Information.
Council will only collect Health Information by lawful and fair means and not in an unreasonably intrusive way. If it is reasonable to do so, Council will only collect Health Information about an individual from that individual.
Upon collection Council, will inform the individual:
- how to contact Council;
- that he or she is able to gain access to the information;
- the purposes for which the information is collected;
- who Council usually discloses information of that kind;
- any law that requires Council to collect the information; and
- the main consequences (if any) if all or part of the information is not provided.
Use and Disclosure
Council only uses and discloses Health Information for the primary purpose for which it was collected, or for a directly related secondary purpose which the person would reasonably expect. In any other circumstances, Council will contact the individual in order to obtain consent (unless the use or disclosure is required by law or permitted by the Act).
Council will take reasonable steps to ensure the Health Information it holds is accurate, complete, up-to-date and relevant.
Data Security and Retention
Council will take steps to safeguard the Health Information it holds against misuse, loss, unauthorised access and modification. Where lawful, Council will take reasonable steps to destroy or permanently de-identify Health Information which is no longer required.
Council will publish this policy on its website and provide a copy to any person who requests it.
Access and Correction
Individuals may request access to, and correction of, their own Health Information held by Council. Access should be granted, except where providing access would pose a serious threat to the life or health of any individual, or where it would impact on the privacy of a third person.
Council must not assign Unique Identifiers to an individual unless the assignment is necessary to enable Council to efficiently carry out any of its functions. The use of Unique Identifiers should be reviewed on an ongoing basis.
Where lawful and practical, individuals must be provided with an opportunity to remain anonymous.
Transborder Data Flows
Council will only transfer Health Information outside Victoria if the organisation receiving it is bound by similar obligations to those set out in the Health Privacy Principles.
Closure of the practice of a Health Service Provider
If Council discontinues its Health Services, it will give notice of the closure to past service users directly and by way of notice in the local newspaper. Whether Council elects to transfer or hold onto Health Information collected as part of its Health Service depends on Council’s obligations under the Public Records Act 1973 (Vic).
Making information available to another Health Service Provider
When Council acts as a Health Service Provider, Council will make Health Information relating to an individual available to another Health Service Provider where requested to do so by the individual.
Where an external contractor deals with Health Information on behalf of Council, they will be required to comply with the Health Records Act.
Health Records Officer
The Privacy Officer will also be the Health Records Officer, and will handle enquiries, complaints or requests for amendments to Health Information. Written requests for information will be responded to in writing within 10 working days of receipt, unless the request is covered by the Freedom of Information Act. Complaints will be directed to Council’s Privacy Officer in the first instance. However, should any person still feel aggrieved, they may contact the Health Services Commissioner.
6. Quality Records
Quality Records shall be retained for at least the period shown below.
||As per PROV RDA
||As per PROV RDA