Privacy for health service providers

If you provide a health service or hold health information you are considered to be a health service provider, even if that is not your primary activity. You are covered by the Privacy Act 1988 (Privacy Act) for all your activities.

People commonly regard health information as one of the most sensitive types of personal information. The Privacy Act provides extra protections around the handling of health information. For example, you generally need to get consent before you collect a person’s health information.

State and territory public hospitals and health services are not covered by the Privacy Act, but may be covered by relevant state or territory legislation. We may be able to investigate complaints about the handling of healthcare identifiers by state and territory authorities.

Was this page helpful?

Thank you.

If you would like to provide more feedback, please email us at