Access Your Health Information Rights in Australia
Summary
The OAIC published guidance explaining that Australian privacy law grants individuals a general right to request access to health information held by health service providers. The guidance specifies that providers should respond within 30 days, may charge a non-excessive fee for access, and must provide written notice if refusing a request. Individuals may authorize representatives, request information in specific formats, and lodge complaints with the OAIC if unsatisfied.
“A health service provider should respond to a request for access to your health information within a reasonable period. We generally think 30 days is a reasonable period.”
What changed
The OAIC published a guidance page explaining the existing rights of individuals under Australian privacy law to access their health information held by health service providers. The document details procedural steps: individuals should contact providers directly, requests may be made in writing with identification, and providers may charge a non-excessive fee covering staff time, reproduction, and postage. Providers may refuse access only in limited circumstances such as threats to life or health, impact on another person's privacy, or unlawful disclosure — and must provide written notice explaining the refusal and complaint options.
For health service providers, this guidance confirms existing obligations under the Privacy Act 1988 and Australian Privacy Principles. Providers should establish clear procedures for handling access requests, respond within a reasonable period (typically 30 days), and maintain written records of refusals including appeal mechanisms. When doctors retire or die, records retention depends on state or territory law, with some jurisdictions (ACT, NSW, Victoria) requiring 7-year retention or until a child patient turns 25.
Archived snapshot
Apr 23, 2026. GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.
Access your health information
Australian privacy law gives you a general right to request access to the health information a health service provider holds about you.
Public hospitals
State or territory laws cover health information a public hospital holds about you.
How to request access
Contact the health service provider that holds your health information to request access. Only you or another person you’ve authorised, such as a legal guardian or authorised representative, can make the request.
You may be asked to put your request in writing and for information that identifies you. You may be asked to include:
- your name and address
- the health information you want
- how you’d like to access the health information (such as, by email, paper copies or if you just want to look at the information)
- if you authorise a person or organisation to access the health information on your behalf.
When should you get a response to your request?
A health service provider should respond to a request for access to your health information within a reasonable period. We generally think 30 days is a reasonable period.
Can a health service provider refuse your request?
A health service provider can refuse to give you access to your health information in some situations, such as if:
- it may threaten your or someone else’s life, health or safety
- it may impact someone else’s privacy
- giving access would be unlawful.

If giving you certain information would impact someone else’s privacy, a health service provider could block out that part and give you the rest of the information. If it’s not possible to give information directly to you because of a concern for your health or safety then they might give access through an agreed third party.
If your health service provider refuses to give you access they must give you a written notice telling you why, and how you can complain about their refusal.
How will you receive your health information?
You can ask for your health information to be given to you in a particular way — by email, phone, hard copy, electronic record, in person, letting you view it, or sending a copy to another health service provider.
If you ask for access in a way that is unreasonable or not practical, a health service provider can give it to you another way — such as on a USB stick rather than paper copies, giving you a summary of the information or allowing you to view it. Another option is to use an agreed third party.
If a health service provider refuses to give you access in the way you requested they must give you a written notice telling you why, and how you can complain about their refusal.
Is there a charge?
A health service provider may charge a fee for giving you access, but this charge can’t be excessive.
The charge may include the cost of:
- staff searching for, locating and retrieving the requested information, and deciding which health information is relevant to the request
- staff reproducing and sending the health information
- the postage or materials involved in giving access
- using an intermediary, if necessary.

A health service provider can’t use this charge to discourage you from requesting access to your health information. If possible, they should tell you the likely amount of the charge.
They should also discuss with you options for changing your request to minimise the charge. For example, by changing the way they give it to you — by email rather than paper copy.
When you change your health service provider
If you want access to your health information because you are changing to another health service provider, your current health service provider might prefer to transfer your record to the new health service provider rather than giving you the information directly.
If your doctor has retired or died
Whether a doctor is required to retain patient records depends on the law in the relevant state or territory. For example, in the ACT, NSW and Victoria, privacy law requires a health service provider to keep records for 7 years or, in the case of a child, until the child turns 25. For more information about state and territory privacy laws, see Privacy in Your State.
If a doctor is part of a larger practice and has retired or died, the practice may retain the doctor’s records. Sometimes, when a doctor has died, the records will become the property of the executor of the doctor’s estate and the only way a patient can access the records is to locate the executor and seek a copy of the records. However, if the doctor used My Health Record you may be able to continue to access your medical records on My Health Record, even though the doctor has retired or died.
For more information about accessing your health information, see the Australian Privacy Principles, Chapter 12.
If you’re not happy with a health service provider’s response, you can lodge a complaint with us.
Related pages
- Correct your health information
- Australian Privacy Principles guidelines
About this page
Source document text, dates, docket IDs, and authority are extracted directly from OAIC.
The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.