Health information policy
This policy explains the purposes for which the State Revenue Office might receive health information, outlines how such information may be used, stored, accessed and disclosed, and affirms the State Revenue Office’s commitment to protecting the quality and security of this type of information.
Health Records Act 2001
The Health Records Act 2001 (HRA) defines ‘health information’ as being, amongst other things, information or opinion about the physical, mental or psychological health, or disability of an individual.
The objectives of the HRA are to:
- Require responsible handling of health information in the public and private sectors.
- Balance the public interest in protecting the privacy of health information with the public interest in the legitimate use of that information.
- Enhance the ability of individuals to be informed about their health care or disability services.
- Promote the provision of quality health services, disability services and aged care services.
The HRA incorporates 11 Health Privacy Principles (HPPs) that set the framework for collecting and managing health information. It establishes a right of access to health information, subject to the operation of other applicable laws. Read more about the HPPs.
Health information held by the State Revenue Office
The State Revenue Office treats a person’s health information with utmost confidentiality and ensures it is securely stored.
Collection of health information
The State Revenue Office may obtain health information where these details are relevant to, for example, a person’s employment, a claim for an exemption, concession or special consideration in respect of a tax or grant matter. Where information is collected directly from the person or their representative on a form provided by the State Revenue Office, there is explanation of why the information is required and the uses and disclosures permitted.
Use and disclosure of health information
A person might inform the State Revenue Office of their personal information such as name, address and date of birth as well as their health information such as medical or other health service provider records, medical histories and other assessments in support of a benefit, concession or reduction of penalties. This health information is used only for the purpose for which it is collected.
The State Revenue Office is restricted in how it may disclose a person’s health information. It does not disclose any health information collected by it unless disclosure is authorised by law, or permitted by the person to whom the health information relates.
The State Revenue Office takes care to ensure that the health information it collects about an individual is accurate, complete, and up to date.
The State Revenue Office has security measures designed to protect any health information it holds about an individual from misuse, loss, unauthorised access, modification or disclosure. Its Risk Management Framework aligns with the Victorian Government Risk Management Framework and the AS/NZS ISO 31000:2009 standard.
This policy outlines the key elements of the State Revenue Office’s management of health information.
Access to health information
Access to health information held by the State Revenue Office can be sought under the Freedom of Information Act 1982. To correct or get a copy of health information held by the State Revenue Office, a person can make a Freedom of Information (FOI) request to its FOI Officer. Enquiries and applications should be directed to the FOI inbox at email@example.com.
Retention and disposal of health information
The State Revenue Office retains and disposes of health information in accordance with the Public Records Act 1973, including the Retention and Disposal Authorities.
Concerns regarding the State Revenue Office’s handling of health information can be directed to its Privacy Officer on 9628 0000 or in writing:
State Revenue Office
GPO Box 1641
Melbourne VIC 3001
Anyone not satisfied with the outcome of a complaint can refer the matter to the Office of the Health Complaints Commissioner - telephone 1300 582 113.