1.1 The Department
The Department administers a broad range of programs and activities to support Australia’s world class health system which allows universal and affordable access to high quality medical, pharmaceutical and hospital services while helping people to stay healthy through health promotion and disease prevention activities.
The Department’s diverse set of responsibilities include:
- Public health, including health protection, and medical research
- Health promotion and disease prevention
- Primary health care
- Hospitals funding and policy
- National Health and Hospitals Network
- Health research
- Pharmaceutical benefits
- Health benefits schemes
- Hearing services policy and funding
- Specific health services, including human quarantine
- Sport and recreation
- National drug strategy
- Regulation of therapeutic goods
- Notification and assessment of industrial chemicals
- Gene technology regulation
- Medical indemnity insurance issues
- Private health insurance
- Blood and organ policy and funding
- Health workforce capacity
- Mental health policy and primary mental health care
- Ageing research
- System Operator under the Personally Controlled Electronic Health Records Act 2012
1.2 The Privacy Act
The Privacy Act regulates how APP entities collect, hold, use and disclose personal information, and how individuals can access and seek correction of that information. APP entities are:
- Commonwealth agencies, including the Department of Health and
- Private sector organisations
which are bound by the Privacy Act.
‘Personal information’ is information or opinion in any form that identifies or enables identification of a living person. The complete definition in the Privacy Act is:
“Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- (a) whether the information or opinion is true or not; and
- (b) whether the information or opinion is recorded in a material form or not.”
1.3 Compliance with the Privacy Act
The Department is required to comply with the Privacy Act and in particular the thirteen APPs which regulate the collection, holding, use and disclosure of personal information.
2. Department’s Personal Information Handling Practices
2.1 Collection of personal information generally
The Department only collects personal information which it needs in order to perform its functions and activities including those contained in legislation administered by the Ministers responsible for the Department (as set out in the Administrative Arrangements Order). As the Department has limited direct contact with the public, the Department only collects personal information in a limited range of categories.
These categories include:
- personal information collected directly from an individual in programs such as the Medical Treatment Overseas program, the National Bowel Cancer Screening program and the Bonded Medical Places scheme.
- personal information collected by the Department of Human Services in relation to programs administered for and on behalf of the Department including the Personally Controlled Electronic Records System Operator.
- personal information added to PCEHR directly by consumers or uploaded by their healthcare providers.
- personal information collected by contracted service providers in compliance with contractual measures as required by the Privacy Act.
- personal information collected from employees, job applicants, contractors and others in relation to employment.
The Department collects personal information in accordance with the Privacy Act.
The Department routinely provides a privacy notice as required by APP 5 when it solicits personal information.
In some circumstances, individuals or organisations provide personal information on an unsolicited basis. Examples of this include correspondence to the Ministers or to the Department. The Department does not normally give an APP 5 privacy notice in these circumstances because the information is unsolicited.
In all cases where personal information is received, it is handled according to the particular circumstances and in compliance with the Privacy Act.
The Department collects personal information through a range of different channels including:
- paper-based and electronic forms (including online forms)
- face to face meetings
- telephone, email, and facsimile communications
- Department’s websites (including online portals)
- social media websites and accounts.
2.2 Kinds of personal information collected and held
The Department collects and holds various kinds of personal information including:
- records relating to personnel, payroll matters, recruitment, disciplinary and counselling matters for the Department’s staff, contractors and job applicants including security clearances and police record checks
- records relating to occupational health and safety matters including accident and injury records, compensation and rehabilitation case files
- applications, correspondence (including decision letters), instruments of appointment, medical and patient records and other records relating to the performance of the Department’s legislative and administrative functions and activities
- correspondence, invoices, receipts and other records relating to good and services supplied to the Department
- correspondence, invoices, receipts and other records relating to services provided by the Department or publications purchased from the Department
- correspondence, curricula vitae, remuneration and travel records and other records including membership lists relating to a range of non-statutory and statutory committees, boards, reference and working groups
- distribution and mailing lists relating to the dissemination of departmental publications, reports, newsletters and other information of interest to individuals
- correspondence and other documents relating to contracts, grants, allocations, funding agreements, requests for tenders and other procurement processes
- correspondence, reports and other records relating to internal and external audits, allegations of fraud and compliance investigations
- correspondence from individuals, third parties and the Ministers and Ministerial staff including background and briefing material
- correspondence and other documents relating to complaints and other feedback provided to the Department
- requests for access to documents held by the Department including requests under the Freedom of Information Act 1982 (FOI Act) and related correspondence
- correspondence and other documents relating to requests for legal advice
- certain PCEHR records, such as personal information added to PCEHR directly by consumers or uploaded by their healthcare providers.
2.3 Sensitive Information
Where the above kinds of personal information include sensitive information such as:
- information about an individual’s racial or ethnic origin
- health information such as details of an individual’s medical history, including details of specific medical conditions, disabilities and medication history
- information about an individual’s membership of a professional association
this information is given the higher level of protection required by the APPs.
2.4 How the Department holds personal information
Personal information held by the Department is stored on electronic media including the Electronic Document and Records Management System and also on paper files.
The Department stores and disposes of personal information in accordance with the Archives Act 1983.
Electronic and paper records containing personal information are protected in accordance with Australian Government security policies.
2.5 Purposes for which personal information is collected, held, used and disclosed
The purpose for which the Department collects, holds, uses and discloses personal information will vary depending on the function and activity being taken and may include one or more of the following:
- performing personnel functions including work health and safety obligations in relation to the Department’s staff and contractors
- recruiting and engaging staff and contractors
- providing secretariat services to the Department’s committees, boards, reference and working groups
- providing assistance to or making payments to eligible recipients
- informing the design and development of the Department’s policies and programs and the composition of bodies providing advice to the Department
- assessing satisfaction with service provision
- undertaking compliance with legal obligations under portfolio and other legislation
- administering statutory schemes including registers, accreditation and exemption schemes
- administering scholarships, fellowships, awards and training programs
- undertaking health promotion activities and campaigns
- maintaining appointment and officer details and making decisions in relation to portfolio appointments
- conducting health surveillance activities
- researching and evaluating programs and activities
- investigating and responding to complaints about service provision and payments
- auditing the Department’s programs and activities and investigating and responding to allegations of fraud
- contract management
- managing and responding to correspondence and enquiries from individuals and organisations
- support for the Secretary in performing her functions under the Personally Controlled Electronic Health Records Act 2012
2.6 How to seek access to and correction of personal information
An individual has a right of access under the Privacy Act to personal information about himself or herself held by the Department. This right of access is subject to the entitlement of the Department to refuse access under the FOI Act. The Department, accordingly, requires individuals seeking access to their own personal information to seek that access under the FOI Act and not the Privacy Act in the first instance.
Individuals can request access to documents containing their personal information by emailing the Department’s FOI Unit. There is no charge under the FOI Act for making a request or for the provision of an individual’s personal information. More information about making FOI requests is available on the Department’s FOI Web page, or by telephoning (02) 6289 1666.
2.7 Disclosure of personal information overseas
The Department does not disclose personal information to overseas recipients except where this is required as a result of services provided to the individual through programs such as the Medical Treatment Overseas program.