
Privacy Code



When you visit a hospital, doctor or other healthcare provider, they will need to collect information about you so that they can provide the best possible care for you.

To protect your privacy, a set of rules called the Health Information Privacy Code has been created to make sure that this information is collected and used properly.

Click on the following link for more information about the Health Information Privacy Code.

Click here for the health privacy toolkit aimed at both health consumers and health providers.

A Summary of the Main Rules

Rule 1

Health information can only be collected about you where necessary.

Rule 2

The information about you should be collected only from you, unless there is a good reason why not.

Rule 3

At the time information is collected from you, you should be made aware of the following:

  • that the information is being collected
  • why it is being collected
  • who will be able to see that information
  • the details of who is collecting and storing the information
  • if you have to give the information or can choose not to
  • what might happen if you do not provide the information
  • your right to see, and if necessary correct, the information.

Rule 4

The information should not be collected in a way which is unfair or unnecessarily intrusive.

Rule 5

Reasonable steps must be taken to protect the information against loss, unauthorised access or other misuse.

Rule 6

You can see the information that is held about you unless there is a very good reason why not.

Rule 7

You are able to request that corrections be made to your health information. If your request is refused (e.g. because there is a difference of opinion about what is correct), you can put your own point of view on the file.

Rule 8

Reasonable steps must be taken to check the information, before it is used, to make sure it is accurate, up-to-date, complete and relevant.

Rule 9

The information should not be kept any longer than is necessary. For health information, however, note that it is often necessary to keep the information for a long time.

Rule 10

The information should generally only be used for the reason it was collected and not used in other ways, unless there is a good reason.

Rule 11

The information will generally not be given to anyone else without your agreement, unless this is one of the reasons for collecting it or unless there is a good reason for doing so.

Rule 12

‘Unique identifiers’ (e.g. patient numbers) on health information should only be used for health-related purposes.

If You Have a Privacy Problem

Talk to the healthcare provider first, and explain the problem. Each health agency has to have a privacy officer. Ask for that person to be involved. They may be able to help you.

If you have been unsuccessful in getting the health agency to sort the problem out, you are able to contact the Privacy Commissioner’s Office:

Ph: 0800 803 909

Fax: 09 302 2305

Email: .