Information and health privacy

Health cross under a magnifying glass with other health icons and security padlock and tick above each

The Privacy and Data Protection Act 2014 (Vic) and the Health Records Act 2001 (Vic) guide how we collect, hold, use and disclose your personal and health information.

Collection of information

We can only collect health information if it’s necessary, and when it’s given:

  • by consent
  • as required by any law
  • to prevent or reduce serious and imminent harm to any person
  • any other reason as prescribed in the Health Privacy Principles of the Health Records Act 2001.

Please call us on 03 9249 4000 if you'd like more information about why we collect your personal information.

Disclosure of information

Your personal information and health information will not be shared with anyone unless:

  • you tell us we can
  • the disclosure is related to the purpose of collection and you would expect us to disclose the information
  • the law requires us to disclose the information.

Some laws allow us to disclose your information in certain circumstances, such as:

  • when your neighbour (or neighbour’s agent) requires your contact details for the purpose of contributing to the cost of a fence, which adjoins your properties
  • contacting the ratepayer of a property for building protection works notices pursuant to the Building Act 1993
  • contacting the owner(s) of a property to obtain approval for Council Report and Consent to construct on our adjoining property under Part 4 of the Building Regulations 2006.

If you require any of the information above, find out more information at Property Information.

Information Privacy Health Records Policy

The Information Privacy Health Records Policy relates to the use and management of personal and health information collected by Council.

We are committed to protecting the privacy of personal and health information collected and used by complying with our obligations under the Privacy and Data Protection Act 2014 (Vic) and the Health Records Act 2001 (Vic).

This policy covers:

  • Aim and Objectives
  • Definitions of Terms
  • Statement and Principles: type of information collected; use; disclosures; accuracy of information; access
  • Responding to Privacy complaints

Accessing and correcting your personal and health information

Call us on 03 9249 4000 to request to access or correct your personal information. 

The Freedom of Information Act 1982 (Vic) gives you the right to request an amendment of your personal information if our records are: 

  • inaccurate
  • incomplete
  • out of date or
  • misleading.

Breach of privacy complaints

If you think we have compromised the privacy of your personal or health information, or a member of our team has, you can make a complaint.

Please submit the details of your complaint to our Privacy Officer:

Post: Privacy Officer, PO Box 70, Sunshine Vic 3020

Phone: Call 03 9249 4000 and ask for the Privacy Officer

Health privacy principles

The Victorian Health Records Act 2001 (Vic) regulates the privacy of health information handled by the public and private sector bodies in Victoria. The Act became enforceable from 1 July 2002. The Health Records Act contains 11 Health Privacy Principles (HPP).

The Health Services Commissioner has a responsibility for safeguarding the privacy of health information under the Act.

HPP Subject Summary
HPP1 Collection
  • Collect health information, necessary for Council's functions or activities, about an individual by lawful, fair and reasonable means and preferably from the individual concerned.
  • At or near the time of collection, notify the individual of why it is being collected, what usual disclosures may be made, if the collection is required by law and their right to access the information.
  • Information communicated in confidence from third parties may be collected.
HPP2 Use and disclosure

Use or disclose health information for the primary purpose collected or a related secondary purpose an individual would reasonably expect, such as:

  • where the individual consents
  • for law enforcement purposes
  • where required by law or
  • for other prescribed exceptions.

Where disclosure is for law enforcement a written note should be made of the disclosure.  

HPP3 Data quality Take reasonable steps to ensure that health information is accurate, complete, up-to-date and relevant to Council's functions.  
HPP4 Data security and retention
  • Take reasonable steps to protect health information held from misuse, loss, unauthorised access, modification or disclosure.
  • Health service providers must retain health information for prescribed periods.
  • Non-health service providers must retain for as long as the lawful purpose or as other Acts specify (such as the Public Records Act).
  • Health information is protected by these HPPs for 30 years after death.
HPP5 Openness
  • Document clearly expressed policies on the management of health information and steps individuals have to take to access health information.
  • Make the policies available to anyone who asks.
  • On request take reasonable steps to let the enquirer know generally, what sort of health information Council holds, for what purposes and how it collects and manages that information.
HPP6 Access and correction
  • Access to health information is dealt with under the Freedom of Information Act within Council.
  • Information collected after 1 July 2002 can be accessed in full.
  • If collected prior to 1 July 2002, at a minimum the individual is entitled only to a summary.
  • If an individual is able to establish that their health information is not accurate, complete and up-to-date, Council must take reasonable steps to correct the information.
HPP7 Identifiers
  • May only assign identifiers to individuals if necessary for Council to carry out its functions efficiently.
  • A private sector organisation may not adopt as its own identifier of an individual one that has been assigned to that person by a public sector organisation unless prescribed exceptions apply. 
HPP8 Anonymity Where it is lawful and practicable, individuals must have the option of not identifying themselves when entering transactions with an organisation.
HPP9 Transborder data flows  May transfer health information about an individual to someone (other than Council or individual) who is outside Victoria only if prescribed conditions apply.  
HPP10 Transfer or closure of practice of health service provider If the practice or business of a health service provider is to be transferred or closed, the provider must comply with a prescribed set of procedures and statutory guidelines, centring on notification to former clients and the public.    
HPP11 Making information available to another provider If an individual requests a health service provider make their health information available to another provider, the former must comply with the reque
Last updated: 29 January 2024 - 2:44pm