What is personal information and health information?
Briefly, ‘personal information’ is information about a living individual whose identity is apparent, or can be reasonably ascertained. ‘Sensitive information’ is a defined sub-category of personal information, and it includes ‘health information’. Any personal information held by a provider is likely to be ‘health information’ under the Privacy Act. The full definition of ‘health information’ is attached at the end of this information sheet. Use and disclosure under National Privacy Principle 2 (NPP 2) In general terms, ‘use’ refers to the handling of an individual’s personal information inside an organisation. ‘Disclosure’ involves the release of that information to someone outside the organisation (apart from the individual themselves). Generally under the Privacy Act, a patient’s health information may only be disclosed for: • the primary purpose for which it was collected; • a directly related purpose that the patient would reasonably expect;[2] or • another purpose with the patien
