A3. Health information privacy protection principles

  • Collection of private health information must be lawful, directly related to the University’s activities and necessary for the purpose.
  • Information must be collected directly from the person unless the person has given consent otherwise.
  • The person must be told why the information is being collected, what is done with it and who else might see it.
  • Information collected must be relevant and accurate.
  • The person concerned must be allowed to access, update, correct or amend their health information.
  • Personal health information must be securely stored, kept only as long as necessary and then disposed of appropriately.
  • It must be protected from unauthorised access, use or disclosure.
  • Authorised officers of the University may only disclose health information for the purpose for which it was collected or a directly related purpose, unless the person to whom it relates has consented otherwise.
  • There is an exemption that allows disclosure without consent in order to deal with a serious and imminent threat to any person’s health or safety.