The Private Practice
Summer 2013/14
information is handled in an open
and transparent manner.
A health organisation or medical
practice must soon have an APP privacy
policy and/or procedure that contains
the following information:
· How the organisation or practice
collects and holds personal
information.
· The purposes for which the
organisation or practice collects,
holds, uses and discloses
that information.
· How an individual person may
access their personal information
as held by the organisation or
practice, and seek the correction
of that information if necessary.
· How an individual may complain
about any breach, and how the
organisation or practice will
deal with such a complaint.
· Whether the organisation or
practice is likely to disclose personal
information to overseas recipients
and, if so, if it is practicable to
specify the countries in which those
recipients are likely to be located.
It is now mandatory under APP 1
to implement practices, procedures and
systems that will ensure compliance
with the APPs.
· APP 2 - Anonymity and pseudonymity
Under APP 2, an organisation must
now provide individuals with the
option of using a pseudonym. This
obligation is in addition to the existing
requirement that individuals may deal
with an organisation anonymously.
· APP 3 - Collection of solicited personal information
Under APP 3, an organisation must
not collect personal information (other
than sensitive information), unless the
information is reasonably necessary
for one or more of the organisation's
functions or activities.
APP 3 clarifies that sensitive
information must only be collected
with an individual's consent, and if
the collection is reasonably necessary
for one or more of the organisation's
functions or activities.
An organisation must only collect
personal information directly from the
individual, unless it is unreasonable or
impracticable to do so.
· APP 4 - Dealing with unsolicited personal information
Under APP 4 there are now obligations
with respect to the receipt of personal
information not solicited. Where
an organisation receives unsolicited
personal information, it must
determine whether it would have been
permitted to collect the information
under APP 3. If so, APPs 5 to 13 will
apply to that information.
If the information could not have
been collected under APP 3, and
the information is not contained
in a Commonwealth record, the
organisation must destroy or de-identify that information as soon
as practicable, if it is lawful and
reasonable to do so.
· APP 5 - Notification of the collection of personal information
APP 5 specifies certain matters about
which an organisation must generally
make an individual aware, with respect
to the collection of his or her
personal information.
APP 5 imposes an additional
obligation on organisations to notify
individuals about the access, correction
and complaints processes in their APP
privacy policies, and also the location
of any likely overseas recipients of an
individual's information.
· APP 6 - Use and disclosure of personal information
APP 6 outlines the circumstances in
which an organisation may use or
disclose the personal information it
holds about an individual.
This principle also introduces
some new exceptions to the general
requirement that an organisation
may only use or disclose personal
information for the purpose for which
the information was collected.
Those exceptions include where
the use or disclosure is reasonably
necessary to assist in locating a missing
person; to lessen or prevent a serious
threat to the life, health or safety of an
individual or to public health or safety;
to establish, exercise or defend a legal
or equitable claim; or for the purpose
of a confidential alternative dispute
resolution process.
· APP 7 - Direct marketing
Organisations generally may only use
or disclose personal information for a
direct-marketing purpose where the
individual has either consented to their
personal information being used for that
purpose, or has a reasonable expectation
that their personal information will be
used for that purpose.
· APP 8 - Cross-border disclosures
APP 8, and associated provisions,
creates new accountability for
organisations with respect to any
cross-border disclosure of personal
information, and provides the
framework for the most contentious
of the reforms.
MEDICO LEGAL