Your Privacy

Victorian doctors must comply with three pieces of legislation in managing patient records:

  • Health Records Act 2001 (Victorian)
  • Information Privacy Act 2000 (Victorian)
  • Privacy Act 1988 (Commonwealth)

The Health Records Act 2001 covers:

  • standards, called Health Privacy Principles, for how your health information is handled by private and public health service providers (such as doctors and other health services) and many other organisations (such as schools and employers) 
  • your rights to access your health records in the private sector.

Access to your health records held by a public hospital or other public health agency is covered by the Freedom of Information Act 1982 (FOI Act).

Preserving your privacy: what doctors need to do

What doctors can collect (Health Privacy Principle 1): Doctors should only collect health information needed in treating you. They should let you know what they will do with the information and how you can get access to it. If the information being collected is outside the scope of this privacy principle, then the health service should have your consent to collect it.

Using and disclosing information (Principle 2): Your health information should only be used or disclosed for the primary reason it was collected, or a directly related secondary purpose, or one that you would reasonably expect. Otherwise, you generally need to give your consent for the use or disclosure of your health information. In most cases, use or disclosure for primary purposes will be related to your immediate treatment and ongoing care, e.g. disclosure of information to a specialist or, if you attend a medico-legal assessment, to an insurer or the lawyer who requested the assessment.

Examples of use or disclosure for a secondary purpose are:

  1. the use of personal information to render a bill for services provided or to recover outstanding fees
  2. if a doctor suspects you have an infectious disease, he/she must provide your personal health details to the Department of Human Services.

Data quality (Principle 3): Your doctor should take reasonable steps to ensure the health information they hold is accurate, complete, up-to-date and relevant to their functions.

Data security and retention (Principle 4): Health services need to safeguard information so that it is not misused, lost, accessed by unauthorised people or modified. It can only be destroyed or deleted under this principle of the Act.

Identifiers (Principle 7): Health services should only use a number to identify you if that is reasonably necessary to carry out their functions efficiently.

Trans-border data flows (Principle 9): Information about you can only be transferred outside Victoria if the organisation it is going to is covered by laws substantially like the Victorian legislation.

What if the medical practice closes? (Principle 10): If your health service provider sells or closes down or transfers their practice and doesn’t provide a service any more, they must give notice by advertising in a local newspaper. 

Making information available to another health service provider (Principle 11): If you ask your health service provider to pass health information they hold about you to another health service provider, they must do so.

Preserving your privacy: what you can do

Openness (Principle 5): Health services should have clear policies on how they manage your health information. They should make this material available to you if you ask for it.

Anonymity (Principle 8): When the doctor is entering into transactions about you with other organisations, you have the option of not identifying yourself where it is lawful and feasible to do this.

 How do I get a copy of my health records?

Access and correction (Principle 6): This principle gives you a right to access your health information from the private health sector.  You can correct it if it is inaccurate, incomplete, misleading or not up-to-date.

The Freedom of Information Act gives you access to your health information held in the public sector such as a public hospital, ambulance service or community health centre.

For information collected after 1 July 2002 you can access your health information held by your doctor by:

  • inspecting the records and taking notes
  • receiving a copy, or
  • viewing the information and having its content explained.

For information collected before 1 July 2002 your doctor can agree to provide the information in full or an accurate summary of the information.

 An organisation or doctor can refuse access where:

  • Access would have an unreasonable impact on the privacy of others
  • Information relates to existing legal proceedings and the information would not be discoverable or is subject to legal professional privilege, or
  • Granting access would prejudice law enforcement by a law enforcement agency

The legislation states access must not be granted where:

  • An organisation believes on reasonable grounds that granting access would pose a serious threat to the life or health of the person making the request or any other person, or
  • The information was given in confidence by another person (but not a health service provider), unless that person consents.

Is there a cost to access my health records?

The legislation allows doctors and other organisations to charge a fee to recover the costs of providing you with access to your records.  Regulations limit the fees that can be charged. 

If you want an explanation in relation to the content, your doctor can charge their normal consultation fee.

Where can I take concerns regarding my health records?

First of all discuss your concerns with your doctor.  

The Health Complaints Commissioner handles complaints about interference with health privacy, largely informally through conciliation, although compliance notices can be served under the Health Records Act. The Victorian Civil and Administrative Tribunal can also make binding orders. 

Health Complaints Commissioner
Complaints and Information
Telephone: 1300 582 113
Fax No.: (61 3) 9032 3111


or write to:

Health Complaints Commissioner
Level 26
570 Bourke Street
Melbourne. 3000
Victoria, Australia


Useful information / links:

  • AMA Victoria members have access to a free information booklet summarising their obligations in regard to protecting patient privacy and managing health records.  Just one of many benefits of being an AMA member.