Privacy Legislation Amendment Act 2006

(99 of 2006)

An Act to amend the law relating to privacy protection of certain health and other information, and for related purposes

[Assented to 14 September 2006]

The Parliament of Australia enacts:

1   Short title

This Act may be cited as the Privacy Legislation Amendment Act 2006.

2   Commencement

This Act commences on the day on which it receives the Royal Assent.

3   Schedule(s)

Each Act that is specified in a Schedule to this Act is amended or repealed as set out in the applicable items in the Schedule concerned, and any other item in a Schedule to this Act has effect according to its terms.

Schedule 1   Amendments relating to collection of health information

National Health Act 1953

1   After section 135AB

Insert:

135AC Authorisation of collection of particular health information

(1) If:

(a) particular health information is disclosed to an organisation; and

(b) the disclosure is authorised by or under a health law;

then the collection of the information by the organisation to whom the information is disclosed is taken to be authorised by or under law for the purposes of subparagraph 10.2(b)(i) of National Privacy Principle 10 in Schedule 3 to the Privacy Act 1988.

(2) In this section:

health law means any of the following:

(a) an Act administered by the Minister;

(b) the Medicare Australia Act 1973.

organisation has the same meaning as in the Privacy Act 1988.

Privacy Act 1988

2   Subparagraph 10.2(b)(i) of Schedule 3

Omit “by”, substitute “or authorised by or under”.

Schedule 2   Amendments relating to genetic information

Privacy Act 1988

1   Subsection 6(1)

Insert:

genetic relative of an individual (the first individual ) means another individual who is related to the first individual by blood, including but not limited to a sibling, a parent or a descendant of the first individual.

2   Subsection 6(1) (at the end of the definition of health information )

Add:

; or (d) genetic information about an individual in a form that is, or could be, predictive of the health of the individual or a genetic relative of the individual.

3   Subsection 6(1) (at the end of the definition of sensitive information )

Add:

; or (c) genetic information about an individual that is not otherwise health information.

4   After section 95A

Insert:

95AA Guidelines for National Privacy Principles about genetic information

Overview

(1) This section allows the Commissioner to approve for the purposes of the National Privacy Principles (the NPPs ) guidelines that are issued by the National Health and Medical Research Council.

Approving guidelines for use and disclosure

(2) For the purposes of subparagraph 2.1(ea)(ii) of the NPPs, the Commissioner may, by legislative instrument, approve guidelines that relate to the use and disclosure of genetic information for the purposes of lessening or preventing a serious threat to the life, health or safety (whether or not the threat is imminent) of an individual who is a genetic relative of the individual to whom the genetic information relates.

Review by AAT

(3) Application may be made to the Administrative Appeals Tribunal for review of a decision of the Commissioner to refuse to approve guidelines.

5   After paragraph 2.1(e) of Schedule 3

Insert:

(ea) if the information is genetic information and the organisation has obtained the genetic information in the course of providing a health service to the individual:

(i) the organisation reasonably believes that the use or disclosure is necessary to lessen or prevent a serious threat to the life, health or safety (whether or not the threat is imminent) of an individual who is a genetic relative of the individual to whom the genetic information relates; and

(ii) the use or disclosure is conducted in accordance with guidelines approved by the Commissioner under section 95AA for the purposes of this subparagraph; and

(iii) in the case of disclosure - the recipient of the genetic information is a genetic relative of the individual; or