Content
Health privacy framework
on this page
- » The privacy framework
- » The NHMRC's role in the health privacy framework
- » The role of Human Research Ethics Committees (HRECs) in health privacy
- » Recent events and developments in privacy
- » S95 Guidelines and S95A Guidelines
The privacy framework
The purpose of the Privacy Act 1988 is to protect the privacy of personal information, which is a part of the broader concept of privacy. The Privacy Act gave effect to Australia's agreement to implement Guidelines adopted in 1980 by the Organisation for Economic Cooperation and Development (OECD), and fulfils Australia's relevant obligations under the 'International Covenant on Civil and Political Rights'. The Privacy Act was generally established to protect personal information held by federal government departments and agencies.
In December 2000, the Privacy Amendment (Private Sector) Act 2001 was passed by Federal Parliament. The Amendment Act extended the Privacy Act to protect personal information held by private sector organisations. Information about the Privacy Act and the Amendment Act is available from the Federal Privacy Commissioner.
Under the Privacy Act , there are two sets of privacy principles to regulate and guide the handling of personal information: the Information Privacy Principles (IPPs), which apply to the Commonwealth public sector; and the National Privacy Principles (NPPs), which apply to the private sector. Handling personal or health information may involve, for example, the collection, use, storage and disclosure of data. Information about the privacy principles may be accessed from the Office of the Federal Privacy Commissioner.
The IPPs and the NPPs primarily relate to the handling of personal information. Health information is a particular subset of personal information, so that the health privacy framework is set within the general privacy framework.
Most states and territories have also enacted privacy legislation that applies to state public sectors. Some states and territories have also enacted legislation to protect privacy in the private sector.
[top]
The NHMRC's role in the health privacy framework
The primary focus of the NHMRC with respect to privacy is in relation to research, balancing the need for the protection of personal privacy in data, and the need to facilitate access to data for research purposes.
Under the Privacy Act 1988 , the NHMRC is authorised to issue guidelines to protect the privacy of personal information and health information that may be accessed in the conduct of research. The NHMRC has developed two sets of guidelines for the consideration of research proposals. The S95 Guidelines apply to Commonwealth public sector agencies, and were released in 2000. The S95A Guidelines apply to private sector organisations, and were released in 2001. The S95 Guidelines and the S95A Guidelines were issued with the approval of the Federal Privacy Commissioner.
It should be noted that these guidelines apply to particular kinds of research activities, i.e. they do not apply to all research through which personal or health information may be handled.
The NHMRC's Australian Health Ethics Committee (AHEC) monitors compliance with these guidelines and reports its findings to the Office of the Federal Privacy Commissioner.
[top]
The role of Human Research Ethics Committees (HRECs) in health privacy
In undertaking ethical assessment of research proposals, HRECs consider the protection of privacy of those participating in research, or data used in research. HRECs must first consider which legislation might apply to research proposals, i.e. Commonwealth or state/territory legislation, bearing in mind that in some cases more than one Act will apply. HRECs then consider whether a research proposal conforms to the relevant privacy principles, and where necessary, apply the S95 or S95A Guidelines or other relevant guidelines. HRECs need to consider applying the S95 or S95A Guidelines mainly in cases where consent from participants to handle their personal or health information cannot be obtained.
As part of their annual report to the NHMRC, all HRECs registered with the NHMRC are asked about their use of these guidelines when reviewing research proposals.
[top]
Recent events and developments in privacy
Review of the private sector provisions of the Privacy Act 1988 (Cth)
The introduction of the Privacy Amendment (Private Sector) Act 2001 included a stipulation that the amendments be reviewed, commencing no later than two years after their introduction. The review was announced by the Attorney-General in August 2004. Terms of reference can be found on the Office of the Federal Privacy Commissioner website.
The NHMRC has made a submission to this review. This submission, and further information on the NHMRC's activities to inform and contribute to this review, is also available.
Senate Inquiry into the Privacy Act 1988
In December 2004, the Senate announced an inquiry to be held by its Legal and Constitutional References Committee into the Privacy Act 1988 . The NHMRC has made a submission to this review, and information about this inquiry is available at: http://www.aph.gov.au/senate/committee/legcon_ctte/privacy/index.htm
Development of the draft National Health Privacy Code
Information about this national policy initiative is available through the Department of Health and Ageing's website at:
http://www.health.gov.au
[top]
S95 Guidelines and S95A Guidelines
The S95 Guidelines and the S95A Guidelines were both developed to provide a framework for making decisions about handling 'identifiable' data (personal or health information) that is required for research purposes, where consent from the individual cannot be obtained.
Guidelines under Section 95 of the Privacy Act 1988 provide a framework in which medical research involving personal
information held by Commonwealth agencies should be conducted, to ensure that such information is protected against unauthorised collection, use or disclosure.
Guidelines approved under Section 95A of the Privacy Act 1988 provide a framework to ensure the privacy protection of health information that is collected, used or disclosed in the conduct of research, and the compilation or analysis of statistics relevant to public health or public safety, and in the conduct of health service management activities. The Guidelines approved under Section 95A of the Privacy Act 1988 apply to private sector organisations or institutions.
Revision of S95 Guidelines and S95A Guidelines
The Guidelines Under Section 95 of the Privacy Act 1988 (s95) set the current standard for the protection of privacy in the conduct of medical research involving human participants in Australia. The s95 guidelines provide a framework for the conduct of medical research using information held by Commonwealth agencies where identified information needs to be used without consent. In these situations, a Commonwealth agency may collect or disclose, in identifiable form, records for medical research purposes without infringing the Privacy Act 1988 if the proposed medical research has been approved by a properly constituted Human Research Ethics Committee (HREC) in accordance with the s95 guidelines.
The Guidelines approved under Section 95A of the Privacy Act 1988 (s95A) apply to the collection, use or disclosure of health information by organisations in the private sector for the purposes of research or the compilation or analysis of statistics, relevant to public health or public safety, and in the conduct of health service management activities where it is impracticable to seek consent from the individual(s) involved.
The s95A guidelines provide a framework for HRECs and those involved in conducting research, the compilation or analysis of statistics or health service management, to weigh the public interest in the use of the health information for specific purposes.
The s95 guidelines were released in March 2000 and the s95A guidelines were released in December 2001. It is NHMRC policy to revise its guidelines every five years, however NHMRC has decided that a review of the s95 and s95A guidelines will not take place at the present time. It is anticipated that changes to the s95 and s95A guidelines would be considered when any changes to the Privacy Act 1988, as a result of the Australian Law Reform Commission review, have been proposed.
Until such time, it should be noted that the National Statement on Ethical Conduct in Human Research 2007 and the Australian Code for the Responsible Conduct of Research 2007 should override the current references in the s95 and s95A guidelines that refer to the National Statement on Ethical Conduct in Research Involving Humans 1999 and the Joint NHMRC/AVCC Statement and Guidelines on Research Practice respectively.
[top]
Help
|
|
Linked documents tagged with the PDF icon Note: Attempting to open large PDF files within the browser window may lead to system problems. For more information see Troubleshooting and access of large pdf documents. |
are formatted as Adobe Acrobat PDF (Portable Document Format) files. If you wish to view the PDF files you will
need to install the Adobe Acrobat Reader on your computer.
The Adobe Acrobat Reader is available for free download from the [top]