Skip to main content

The South West Alliance Of Rural Health

Barwon Health Privacy Policy


Barwon Health (BH) is committed to protecting the privacy of patient and staff information. We are required by law to protect personal information and comply with the Health Records Act 2001 (HRA) and other relevant legislation relating to confidentiality and privacy. This policy outlines the management of personal information at BH to satisfy the requirements of this legislation.

Target Audience

This policy relates to staff, patients and their families, visitors, members of the public and external organisations


BH - Barwon Health
TCM – The Care Manager


Collection BH provides all patients with a copy of "what happens to information about me" brochure outlining key information about the organisation's information handling practices and how a patient can access their information. BH only collects personal health information necessary to perform our functions. Information will be collected by fair and lawful means, where possible directly from the patient themselves.

Use and Disclosure In general, information is only used and disclosed for the primary purpose for which it was collected or a directly related secondary purpose. Generally, this is for the purpose of providing care and treatment or purposes directly related. We may use or disclose information for other purposes, which are permitted under law. For example: to lessen or prevent a serious threat to public health, welfare or safety.

Individual patient consent is obtained for use or disclosures for purposes that are not directly related to primary or secondary purposes. BH normally transfers information to the GP or referring doctor after a patient is discharged or after an emergency or outpatient visit. Patients (or guardians) are able to request this does not occur. BH will make health information relating to an individual available to another health service provider if requested by the individual. Information that is de-identified, ensuring an individual's identity cannot be ascertained, is not covered by the Health Records Act 2001 and may be used and disclosed without consent. All BH staff sign confidentiality agreements as part of their employment contract, and are subject to disciplinary action if there is a breach. Data Quality BH employees must take reasonable steps to keep all current personal information it holds up-to-date, accurate and complete.

Data Security and Data Retention All reasonable measures are taken to protect personal health information within BH from unauthorised access, improper use, disclosure, unlawful destruction or accidental loss. Our medical records and computer systems have controlled access and only authorised staff members can gain access. Information that may be needed for future care of the individual or for public health reasons will be kept securely for future retrieval.

Openness The patient privacy brochure is available to anyone who asks for further information on BH information handling practices. BH has a complaints process to address patient concerns relating to the care and handling of their personal information.

Access and Correction Patients are able to request access to their personal information held by BH, as set out in the Freedom of Information Act 1982. In some circumstances access may be refused and an explanation will be provided. Patients also have a right to request an amendment to incorrect information.

Identifiers A numeric identifier is allocated to each patient that attends BH to enable ongoing care and treatment to be provided.

Anonymity In general, it is impracticable for BH to provide healthcare to individuals anonymously.

Transborder Data Flow BH will only transfer information outside Victoria in circumstances where the information will have appropriate protection; where the transfer is necessary for the provision of service to the individual; or where consent has been obtained. Transfer or closure of the practice of a health service provider In the event BH or part thereof is sold, transferred, amalgamated or closed down, health information will be handled in accordance with Health Privacy Principle 10 contained within the Health Records Act.

Direct Access to Systems for other Health Service Providers In some cases external healthcare providers will be able to access a joint database of patient/client data, for example TCM, on condition that:

  1. The participating healthcare provider signs a confidentiality form (or equivalent); and
  2. Their participating clients sign consent


Regular document revision and review of relevant 'RiskMan' Reports will be used to evaluate the effectiveness of this policy.

Last Modified: Tuesday, 21 March 2023

“Without the support of SWARH IT professionals working both on-site and externally at our health service, we could not provide the high level of patient centred service to our consumers”.— Great Ocean Road Health