An organisation that provides a health service and holds health information is covered by the Privacy Act 1988, even if they’re a small business or providing a health service is not their primary activity.

Some examples of a health service provider covered by the Privacy Act include:

  • a general practitioner or a medical practitioner
  • a blood or tissue bank
  • a private hospital or a day procedure centre
  • a private aged care or palliative care facility
  • pathology or radiology services
  • an assisted fertility or IVF clinic
  • a dentist
  • a pharmacist
  • an allied health professional
  • a complementary medicine therapist
  • a health service provided in the non-government sector (such as a phone counselling service or drug and alcohol service)
  • a disability service provider (where they handle health information)
  • an online health service (such as counselling, advice, medicines), a telehealth business or a health mail order business
  • a gym or weight loss clinic
  • a private school or a childcare centre.

What does ‘providing a health service’ mean?

Providing a health service means doing an activity such as:

  • diagnosing or treating illness or disability
  • assessing, maintaining or improving an individual’s physical or psychological health
  • managing an individual’s health
  • recording an individual’s health to assess, maintain, improve or manage it
  • a pharmacist dispensing prescription drugs or medication.

Allied health

Allied health describes the broad range of health professionals who aren’t a doctor, dentist or nurse. For example, they may provide a health service such as audiology, physiotherapy, podiatry, psychology, occupational therapy, optometry, social work or speech therapy.

Complementary therapies

Complementary therapies are used alongside or in place of conventional medical treatments and include: acupuncture, aromatherapy, Chinese medicine, chiropractic, herbs, naturopathy, massage and many more.

A gym or weight loss clinic

A gym or a weight loss clinic is a health service provider in situations where they collect your health information.