The Australian Privacy Principles (APPs), set out in Schedule 1 of the Privacy Act 1988 (Cth), give people a right to access and correct medical records held by private health service providers. APP 12 provides that if an entity (agency, organisation, small business operator) holds personal information about a person, it must give access to that information at the person’s request.
However, the right to access such information is not absolute. APP 12 also sets out grounds upon which a request may be denied. These grounds include that:
- the entity reasonably believes that giving access would pose a serious threat to the life, health or safety of an individual, or to public health or public safety;
- access would unreasonably impact upon the privacy of others;
- the request is frivolous or vexatious;
- the information relates to legal proceedings between the entity and the individual, and would not be accessible via the process of discovery (access to documents related to the proceedings);
- giving access would reveal the intentions of the entity in relation to negotiations with the individual in such a way as to prejudice those negotiations;
- giving access would be unlawful;
- denying access is required or authorised by or under an Australian law or a court/tribunal order;
- the entity has reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to the entity’s functions or activities has been, is being or may be engaged in and giving access would be likely to prejudice the taking of appropriate action in relation to the matter;
- giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
- giving access would reveal evaluative information generated within the entity in connection with a commercially sensitive decision-making process.
Health services are able to charge a fee for access to information, provided the fee is not excessive.
Note: If the information was acquired before 21 December 2001 and has not been used or disclosed since then, a person may need to seek a court order to access such information. This is because such information is not subject to the Australian Privacy Principles and is the property of the health service that holds the records. In such circumstances it would be prudent for a person to seek legal advice relevant to their personal situation.
The Freedom of Information Act 1982 (Cth) provides a legally enforceable right of access to Commonwealth government documents held by ministers and most agencies (although their obligations differ). If health-related information is held by such ministers or agencies, access to, or correction of, that information is determined by the provisions of the FOI Act.
Note that some information may be exempt under the FOI Act, or subject to secrecy provisions found in other relevant acts.
From 1 November 2014, the Commonwealth Ombudsman has handled complaints about the processing of freedom of information (FOI) requests.
For more information about Commonwealth freedom of information, see the Office of the Australian Information Commissioner, Freedom of Information.
NOTE: Access to documents held by state and territory public health services and agencies is governed by state and territory legislation. (See below.)
Some key pieces of legislation that are relevant to health care information and records are listed below, and links to oversight agencies provided.
Table: Legislation and Oversight: Access to Health Records (Personal Information) in Australia
References
1. Note the information must have been acquired after 21 December 2001 or if acquired before that date, been used or disclosed by the health service since 21 December 2001.
2. Breen v Williams HCA 57; (1996) 186 CLR 71.
3. For example, see the Commonwealth Aged Care Act 1997, subsection 86‑2(1) and sections 86‑5, 86‑6 and 86‑7; Australian Institute of Health Act 1987, subsections 29(1) and (3); Gene Technology Act 2000, subsections 187(1) and (2); Health Insurance Act 1973, subsections 130(1), (4) and (9); National Health Act 1953, subsections 135A(1), (4) and (9); Private Health Insurance Act 2007, sections 323‑1 and 323‑40.