Skip to main content
Skip to secondary navigation
Australian Government - Office of the Australian Information Commissioner - Home

What are health service providers?

All organisations that provide a health service and hold health information are covered by the Privacy Act 1988 (Privacy Act), whether or not they are a small business and even if providing a health service is not their primary activity.

Under the Privacy Act a 'health service' includes any activity that involves:

  • assessing, maintaining or improving a person's physical or psychological health

  • diagnosing or treating a person's illness, disability or injury

  • recording a person’s physical or psychological health for the purposes of assessing, maintaining, improving or managing the person’s health

  • dispensing a prescription drug or medicinal preparation by a pharmacist

  • where a person’s health cannot be maintained or improved – managing the person’s physical or psychological health

This includes activities that take place in the course of providing aged care, palliative care or care for a person with a disability.

Organisations providing a health service include:

  • traditional health service providers, such as private hospitals, day surgeries, medical practitioners, pharmacists and allied health professionals
  • complementary therapists, such as naturopaths and chiropractors
  • gyms and weight loss clinics
  • child care centres and private schools.

State and territory public hospitals and health services are not covered by the Privacy Act, but may be covered by relevant state or territory legislation. However, the Office of the Australian Information Commissioner (OAIC) may be able to investigate complaints about the handling of healthcare identifiers by state and territory authorities.