Commonwealth Consolidated Acts

[Index] [Table] [Search] [Search this Act] [Notes] [Noteup] [Previous] [Next] [Download] [Help]

HEALTHCARE IDENTIFIERS ACT 2010 - SECT 26

Use and disclosure of healthcare identifiers and other information obtained under this Act

  (1)   A person must not use or disclose information if:

  (a)   the person obtains the information in response to a request under section   9B; or

  (b)   the person obtains the information in the course of establishing or maintaining a record for the purposes of section   10 (a record of healthcare identifiers assigned and other matters, such as requests made to the service operator to disclose those identifiers); or

  (c)   the information is identifying information and the person obtains the information in circumstances covered by a requirement or authority under this Act; or

  (d)   the information is the healthcare identifier of a healthcare recipient or an individual healthcare provider.

  (2)   A person must not use or disclose information if the information is disclosed to the person in contravention of subsection   (1).

  (3)   This section does not apply to the use or disclosure of a healthcare identifier if:

  (a)   the use or disclosure of the healthcare identifier is required or authorised under this Act; or

  (b)   the use or disclosure of the healthcare identifier is required or authorised under another Commonwealth law or a court/tribunal order; or

  (c)   the use or disclosure is:

  (i)   by the person to whom the healthcare identifier relates; and

  (ii)   for the purposes of, or in connection with, the personal, family or household affairs of that person (within the meaning of section   16 of the Privacy Act 1988 ); or

  (d)   a permitted general situation of the kind described in item   1, 2, 4 or 5 of the table in subsection   16A(1) of the Privacy Act 1988 exists in relation to the use or disclosure, or would exist if the person were an APP entity for the purposes of that Act; or

  (e)   without limiting the exceptions under this subsection, the use or disclosure is required or authorised by the Information Commissioner, or an equivalent officer or agency of a State or Territory, in exercising powers or performing functions in relation to privacy.

Note:   A defendant bears an evidential burden in relation to the matters in subsection   (3): see subsection   13.3(3) of the Criminal Code .

  (4)   This section does not apply to the use or disclosure of information other than a healthcare identifier if:

  (a)   the use or disclosure of the information is required or authorised under this Act; or

  (b)   the use or disclosure of the information is required or authorised under another Australian law or a court/tribunal order; or

  (c)   the information is personal information and the use or disclosure would not be an interference with the privacy of the individual for the purposes of the Privacy Act 1988 , or would not be an interference with the privacy of the individual for the purposes of that Act if the person were an agency or an organisation for the purposes of that Act; or

  (d)   without limiting the exceptions under this subsection, the use or disclosure is required or authorised by the Information Commissioner, or an equivalent officer or agency of a State or Territory, in exercising powers or performing functions in relation to privacy.

Note:   A defendant bears an evidential burden in relation to the matters in subsection   (4): see subsection   13.3(3) of the Criminal Code .

  (5)   A person commits an offence if the person contravenes subsection   (1) or (2).

Penalty:   Imprisonment for 2 years or 120 penalty units, or both.

  (6)   A person is liable to a civil penalty if:

  (a)   the person uses or discloses information in circumstances under which the use or disclosure would contravene subsection   (1) or (2); and

  (b)   the person knows or is reckless as to those circumstances.

Civil penalty:   600 penalty units.



AustLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback