Skip to main content
Skip to secondary navigation
Australian Government - Office of the Australian Information Commissioner - Home

Is my organisation a health service provider?

If you provide a health service and hold health information you are covered by the Privacy Act even if that is not your primary activity. You are covered by the Privacy Act for all your activities.

Under the Privacy Act a 'health service' includes any activity that involves:

  • assessing, maintaining or improving a person's physical or psychological health; or
  • where a person’s health cannot be maintained or improved – managing the person’s health
  • diagnosing or treating a person's illness or disability; or
  • recording a person’s health for the purposes of assessing, maintaining, improving or managing the person’s health
  • dispensing a prescription drug or medicine by a pharmacist.

This includes activities performed in providing aged care, palliative care or care for a person with a disability.

Organisations providing a health service include:

  • traditional health service providers, such as private hospitals, day surgeries, medical practitioners, pharmacists and allied health professionals
  • complementary therapists, such as naturopaths and chiropractors
  • gyms and weight loss clinics
  • child care centres and private schools.

People commonly regard health information as one of the most sensitive types of personal information. For this reason, the Privacy Act provides extra protections around the handling of health information. For example, you generally need to get consent before you collect a person's health information.