An organisation that provides a health service and holds health information is covered by the Privacy Act 1988, even if they’re a small business or providing a health service is not their primary activity.
Some examples of a health service provider covered by the Privacy Act include:
- a general practitioner or a medical practitioner
- a blood or tissue bank
- a private hospital or a day procedure centre
- a private aged care or palliative care facility
- pathology or radiology services
- an assisted fertility or IVF clinic
- a dentist
- a pharmacist
- an allied health professional
- a complementary medicine therapist
- a health service provided in the non-government sector (such as a phone counselling service or drug and alcohol service)
- a disability service provider (where they handle health information)
- an online health service (such as counselling, advice, medicines), a telehealth business or a health mail order business
- a gym or weight loss clinic
- a private school or a childcare centre.
What does ‘providing a health service’ mean?
Providing a health service means doing an activity such as:
- diagnosing or treating illness or disability
- assessing, maintaining or improving an individual’s physical or psychological health
- managing an individual’s health
- recording an individual’s health to assess, maintain, improve or manage it
- a pharmacist dispensing prescription drugs or medication.
Allied health describes the broad range of health professionals who aren’t a doctor, dentist or nurse. For example, they may provide a health service such as audiology, physiotherapy, podiatry, psychology, occupational therapy, optometry, social work or speech therapy.
Complementary therapies are used alongside or in place of conventional medical treatments and include: acupuncture, aromatherapy, Chinese medicine, chiropractic, herbs, naturopathy, massage and many more.
A gym or weight loss clinic
A gym or a weight loss clinic is a health service provider in situations where they collect your health information.