Research
The use and disclosure of health information is essential for effective medical research. But this use of health information erodes individual privacy: there's a conflict between the public interest in individual privacy and the public interest in increasing medical knowledge.
Both existing public sector regulation and the private sector regime acknowledge this: health information generally may not be used or disclosed, but there's an exception where it's required for medical research.
Public sector
Research by a public sector body that would otherwise breach the Information Privacy Principles (IPPs) will not breach them if it is conducted in accordance with guidelines approved by the Privacy Commissioner. The latest guidelines were released in March 2000.
Private sector
The private sector regime authorises the use or disclosure of health information for research relevant to public health or public safety, without patient consent, where:
- it is impracticable for the organisation to seek the individual's consent before the use or disclosure;
- the use or disclosure is conducted in accordance with guidelines approved by the Privacy Commissioner under section 95A (the National Health and Medical Research Council has released draft guidelines, which have not yet been approved); and
- in the case of disclosure, the organisation reasonably believes the recipient of the information will not disclose it to a third party.
The health section of the Commissioner's Review of the Private Sector Provisions of the Privacy Act 1988, released in May 2005, includes some recommendations regarding medical research. For example, the Review has recommended that, as part of a broader inquiry into the Privacy Act, the Federal Government consider (Recommendation 60):
- how to achieve greater consistency in regulating research activities under the Privacy Act;
- whether there is a need for reform in regard to de-identification of information as it relates to research;
- the balance between research beneficial to the community and protecting an individual's privacy;
- whether there is a need to amend NPP 2 to allow for the use and disclosure of personal information for research that doesn't involve health information; and
- undertaking further research and education within the community to ensure the balance between research and privacy accords with community expectations.