Privacy, confidentiality and legal responsibilities



KEY POINTS

  • In Australia, it is illegal to discriminate against people because they have or are presumed to have any disease, including hepatitis B virus (HBV) infection.
  • HBV is a notifiable disease in every Australian state and territory, which means that it is mandatory for health-care practitioners to report any confirmed case. Mandatory notification does not legally breach a patient’s right to privacy, although patients should be informed that notification will occur.
  • Information relating to an individual’s health and health-related treatment is sensitive, and an individual’s right to privacy around this information is protected by state, territory and federal legislation.
  • The Privacy Act 1988 (Commonwealth) (the Privacy Act) is the primary piece of legislation governing privacy of health information in Australia. Under amendments to the Privacy Act that came into force in March 2014, there are now increased restrictions on the handling of personal information obtained from a third party, the Privacy Commissioner has greater enforcement powers, and penalties for privacy breaches have increased.
  • State and territory governments have also enacted jurisdictional laws and regulations that affect privacy practices. These state and territory instruments may intersect or overlap with the Privacy Act and, as a result, health-care practitioners must make themselves aware of the privacy and confidentiality obligations that relate to their practice within their respective jurisdiction.
  • Health-care practitioners should only collect health information about a patient with that patient’s informed consent, and should advise the patient of the potential use of that information as part of obtaining informed consent. There should be systems in place for secure storage of physical and electronic records, and all staff should be trained in these systems, and aware of their privacy and confidentiality obligations.
  • Health-care workers are required to disclose their status if they are carrying out exposure-prone procedures, applying for the defence forces, or applying for relevant types of insurance. They may also be required to disclose to their sexual partners if they are not taking reasonable precautions not to transmit the infection.

