A3. Health information privacy protection principles
- Collection of private health information must be lawful, directly related to the University’s activities and necessary for the purpose.
- Information must be collected directly from the person unless the person has given consent otherwise.
- The person must be told why the information is being collected, what is done with it and who else might see it.
- Information collected must be relevant and accurate.
- The person concerned must be allowed to access, update, correct or amend their health information.
- Personal health information must be securely stored, kept only as long as necessary and then disposed of appropriately.
- It must be protected from unauthorised access, use or disclosure.
- Authorised officers of the University may only disclose health information for the purpose for which it was collected or a directly related purpose, unless the person to whom it relates has consented otherwise.
- There is an exemption that allows disclosure without consent in order to deal with a serious and imminent threat to any person’s health or safety.