Content
Health privacy framework
on this page
- » The privacy framework
- » The NHMRC's role in the health privacy framework
- » The role of Human Research Ethics Committees (HRECs) in health privacy
- » Recent events and developments in privacy
- » S95 Guidelines and S95A Guidelines
The privacy framework
The purpose of the Privacy Act 1988 is to protect the privacy of personal information, which is a part of the broader concept of privacy. The Privacy Act gave effect to Australia's agreement to implement Guidelines adopted in 1980 by the Organisation for Economic Cooperation and Development (OECD), and fulfils Australia's relevant obligations under the 'International Covenant on Civil and Political Rights'. The Privacy Act was generally established to protect personal information held by federal government departments and agencies.
In December 2000, the Privacy Amendment (Private Sector) Act 2001 was passed by Federal Parliament. The Amendment Act extended the Privacy Act to protect personal information held by private sector organisations. Information about the Privacy Act and the Amendment Act is available from the Federal Privacy Commissioner.
Under the Privacy Act , there are two sets of privacy principles to regulate and guide the handling of personal information: the Information Privacy Principles (IPPs), which apply to the Commonwealth public sector; and the National Privacy Principles (NPPs), which apply to the private sector. Handling personal or health information may involve, for example, the collection, use, storage and disclosure of data. Information about the privacy principles may be accessed from the Office of the Federal Privacy Commissioner.
The IPPs and the NPPs primarily relate to the handling of personal information. Health information is a particular subset of personal information, so that the health privacy framework is set within the general privacy framework.
Most states and territories have also enacted privacy legislation that applies to state public sectors. Some states and territories have also enacted legislation to protect privacy in the private sector.
[top]
The NHMRC's role in the health privacy framework
The primary focus of the NHMRC with respect to privacy is in relation to research, balancing the need for the protection of personal privacy in data, and the need to facilitate access to data for research purposes.
Under the Privacy Act 1988 , the NHMRC is authorised to issue guidelines to protect the privacy of personal information and health information that may be accessed in the conduct of research. The NHMRC has developed two sets of guidelines for the consideration of research proposals. The S95 Guidelines apply to Commonwealth public sector agencies, and were released in 2000. The S95A Guidelines apply to private sector organisations, and were released in 2001. The S95 Guidelines and the S95A Guidelines were issued with the approval of the Federal Privacy Commissioner.
It should be noted that these guidelines apply to particular kinds of research activities, i.e. they do not apply to all research through which personal or health information may be handled.
The NHMRC's Australian Health Ethics Committee (AHEC) monitors compliance with these guidelines and reports its findings to the Office of the Federal Privacy Commissioner.
[top]
The role of Human Research Ethics Committees (HRECs) in health privacy
In undertaking ethical assessment of research proposals, HRECs consider the protection of privacy of those participating in research, or data used in research. HRECs must first consider which legislation might apply to research proposals, i.e. Commonwealth or state/territory legislation, bearing in mind that in some cases more than one Act will apply. HRECs then consider whether a research proposal conforms to the relevant privacy principles, and where necessary, apply the S95 or S95A Guidelines or other relevant guidelines. HRECs need to consider applying the S95 or S95A Guidelines mainly in cases where consent from participants to handle their personal or health information cannot be obtained.
As part of their annual report to the NHMRC, all HRECs registered with the NHMRC are asked about their use of these guidelines when reviewing research proposals.
[top]
Recent events and developments in privacy
Review of the private sector provisions of the Privacy Act 1988 (Cth)
The introduction of the Privacy Amendment (Private Sector) Act 2001 included a stipulation that the amendments be reviewed, commencing no later than two years after their introduction. The review was announced by the Attorney-General in August 2004. Terms of reference can be found on the Office of the Federal Privacy Commissioner website.
The NHMRC has made a submission to this review. This submission, and further information on the NHMRC's activities to inform and contribute to this review, is also available.
Senate Inquiry into the Privacy Act 1988
In December 2004, the Senate announced an inquiry to be held by its Legal and Constitutional References Committee into the Privacy Act 1988 . The NHMRC has made a submission to this review, and information about this inquiry is available at: http://www.aph.gov.au/senate/committee/legcon_ctte/privacy/index.htm
Development of the draft National Health Privacy Code
Information about this national policy initiative is available through the Department of Health and Ageing's website at:
http://www.health.gov.au/pubs/nhpcode.htm
S95 Guidelines and S95A Guidelines
The S95 Guidelines and the S95A Guidelines were both developed to provide a framework for making decisions about handling 'identifiable' data (personal or health information) that is required for research purposes, where consent from the individual cannot be obtained.
Guidelines under Section 95 of the Privacy Act 1988 provide a framework in which medical research involving personal
Help
|
|
Linked documents tagged with the PDF icon Note: Attempting to open large PDF files within the browser window may lead to system problems. For more information see Troubleshooting and access of large pdf documents. |
are formatted as Adobe Acrobat PDF (Portable Document Format) files. If you wish to view the PDF files you will
need to install the Adobe Acrobat Reader on your computer.
The Adobe Acrobat Reader is available for free download from the Guidelines approved under Section 95A of the Privacy Act 1988 provide a framework to ensure the privacy protection of health information that is collected, used or disclosed in the conduct of research, and the compilation or analysis of statistics relevant to public health or public safety, and in the conduct of health service management activities. The Guidelines approved under Section 95A of the Privacy Act 1988 apply to private sector organisations or institutions.
[top]