A review of Australian health privacy regulation regarding the use and disclosure of identified data to conduct data linkage

Abstract

Objective: To review Australian legislation about privacy, focusing on provisions within the regulations to conduct health research using identified data and lobby for regulatory change in the ACT. Method: A systematic review of Commonwealth and jurisdiction health privacy regulation. Results: Australia has a number of regulations for the protection of privacy of health information. In addition to Commonwealth privacy laws, there are jurisdictional regulations concerning protection of health information. These range from no specific legislation in Western Australia, to a code of practice in South Australia, and Commonwealth legislation that deals with use and disclosure of identified health information to conduct health research (Sections 95 and 95A of the Privacy Act 1988). At the time of this review, all but one jurisdiction, the Australian Capital Territory (ACT), had provisions for disclosing identified health information for health research. Conclusion: The ACT's Health Records (Privacy and Access) Act was inconsistent with the other Australian regulation concerning the use of identified health data in health research. Implications: The information from the review was used to inform the ACT Government that the health privacy regulations in place were inconsistent with the rest of Australia and resulted in regulatory change in the ACT. ACT legislation was amended to include provisions for the disclosure of identified health information for health research under controlled circumstances. The amendments were passed in December 2005, facilitating future health research involving data linkage in the ACT.