Privacy Laws

The Privacy Act 1988 (Privacy Act) protects personal information. Personal information is information or an opinion that identifies your patient and includes information about their health. This fact sheet provides a summary of the rights the Privacy Act gives your patient in relation to private-sector health service providers' handling of health information. Practically, this usually involves communication between yourself and stakeholders within the organisation other than the patient. E.g.: communicating information to managers, discussing suitable duties and emailing letters to management regarding patients' progress.

What is Health Information?

Health information is any information about your patient's health or a disability, as well as any other personal information collected while you are treating them, including:

• notes about the symptoms, observations and opinions of health
• prescription information
• contact and billing details
• test results and reports, such as those relating to X-rays, blood samples and scans
• other sensitive information about you such as race, sexuality or religion
• possible diagnosis, plans or possible suitable duties that have been discussed

Health information is sensitive information under the Privacy Act. This means there are added restrictions on how health service providers can handle health information compared to other types of personal information. If you are discussing a patient's progress with management, unless you have received consent from the patient, don't mention diagnosis, outcome, treatment, scans or restrictions. E.g.:

(Management) How is Bryan from the Mill going with his shoulder?

(Onsite Physio) Brian is going well thanks, we are working hard and we should be on top of this in the near future. If we are not, I will get consent from Brian to discuss this and possible suitable duties with you.

Health Service Providers

A health service provider (provider) is any organisation that:

Examples of providers include doctors (such as General Practitioners), pharmacists, dentists, private hospitals, counsellors, psychologists, nurses, chiropractors, physiotherapists, naturopaths, masseurs, gyms, weight loss clinics, child care centres, private schools and disability services. All private sector providers are covered by the Australian Privacy Principles (APPs).


When the patient turns up to the clinic and receives treatment and recommendations, they are consenting to you holding personal information about their injury, which you will record in the note and BORED stats. This is called implied consent. They are NOT consenting to you releasing that information to managers unless they have given you consent. As the onsite therapist, you will need to discuss the possibility of suitable duties with the patient if their injury needs some form of load reduction. At first, this discussion can be around load reduction using education, strapping or bracing strategies. If the MSK complaint is not responding, and you feel that a structured suitable duties plan is needed, you must get consent from the injured worker before discussing this with, and emailing, management.

Record this in the notes, work out a plan with the worker using the Job Task Diary and email the supervisor using the letter function in the software to inform them of changes.

Disclosing Personal Information

Generally, a provider can only use and/or disclose health information for the particular purpose for which they originally collected the information (known as the 'primary purpose'). A provider can also use and/or disclose your health information for another purpose (a 'secondary purpose') where you consent to them doing so.

Exceptions

There are situations where a provider can use and/or disclose your health information for a secondary purpose even if you have not consented to them doing so. These situations include where you would reasonably expect a provider to use or disclose your health information for a secondary purpose that is directly related to the primary purpose of collection. Your 'reasonable expectation' about what health information might be shared with other providers might vary depending on the situation. For example, where a GP refers you to a specialist doctor for the treatment of a serious condition, you may reasonably expect your GP to give the specialist doctor your complete medical history and any related test results so the specialist doctor can decide how to treat your condition. In contrast, where a GP refers you to a physiotherapist for a specific back problem, you may not reasonably expect your GP to give the physiotherapist information about unrelated health conditions, such as a previous diagnosis of depression.

Anonymous Use Of Services

There may be situations where employees want to utilise your services without booking through the normal channels onsite. For example, the patient may not want to alert supervisors by visiting the clinic, so they visit you onsite outside of their working hours. This is welcome but not normal, and it indicates that a relationship within the organisation is under strain.

Privacy and respecting your patient's rights are at the foundation of the onsite clinic. This is reflected in your KPIs as a therapist, ensuring you get consent from your patient to discuss their injury where applicable. At the time of this writing, suitable duties comprise < 5% of treatments on-site, and this has been consistent for 10 years now.