A3. Health information privacy protection principles
Collection of private health information must be lawful, directly related to the University’s activities and necessary for the purpose.
Information must be collected directly from the person unless the person has given consent otherwise.
The person must be told why the information is being collected, what is done with it and who else might see it.
Information collected must be relevant and accurate.
The person concerned must be allowed to access, update, correct or amend their health information.
Personal health information must be securely stored, kept only as long as necessary and then disposed of appropriately.
It must be protected from unauthorised access, use or disclosure.
Authorised officers of the University may only disclose health information for the purpose for which it was collected or a directly related purpose, unless the person to whom it relates has consented otherwise.
There is an exemption that allows disclosure without consent in order to deal with a serious and imminent threat to any person’s health or safety.