DKV v Southern NSW Local Health District

Case

[2019] NSWCATAD 12

08 January 2019

No judgment structure available for this case.

Civil and Administrative Tribunal


New South Wales

Medium Neutral Citation: DKV v Southern NSW Local Health District [2019] NSWCATAD 12
Hearing dates: 15 October 2018
Date of orders: 08 January 2019
Decision date: 08 January 2019
Jurisdiction:Administrative and Equal Opportunity Division
Before: R L Hamilton S.C, Senior Member
Decision:

The Tribunal decides to take no action in respect of conduct other than that which the respondent conceded involves a breach of the HPPs.

Catchwords: HEALTH – privacy- Health Privacy Principles- jurisdiction of Tribunal- HPP 9 and HPP 11.
Legislation Cited: Health Records and Information Privacy Act 2002
Privacy and Personal Information Protection Act 1998
Cases Cited: ALZ v WorkCover NSW [2015] NSWCATAP 138
CEU v University of Technology Sydney [2018] NSW CATAD 13
KJ v Wentworth Area Health Service [2004] NSWADT 84
Texts Cited: Nil
Category:Principal judgment
Parties: DVK – Applicant
Southern NSW Local Health District - Respondent
Representation: Solicitors:
DVK (Self Represented) (Applicant)
Crown Solicitor’s Office (Respondent)
File Number(s): 2018/00111711
Publication restriction: Nil

REASONS FOR DECISION

  1. This is a review by the Tribunal of the respondent agency’s conduct in relation to a confidential medical report about the applicant. The applicant considers that the agency contravened the Health Privacy Principles (HPPs) laid down by the Health Records and Information Privacy Act 2002 (HRIP Act). The HPPs protect individuals in relation to the collection, storage, use and disclosure of their health information by ‘organisations’. A ‘public sector agency’ is one of two types of organisation bound by the HRIP Act. The respondent is a ‘public sector agency’; and is bound by the Act (ss 4, 11). It has been agreed between the parties (where the applicant appeared by telephone) that this should be done ‘on the papers’.

  2. In brief the applicant consulted with a specialist in a health facility conducted by the respondent. The specialist took notes. The specialist sent a report on the consultation in a referral letter to GP 1 who was not the current treating GP of the applicant (the wrong GP) and also to GP 2 who was the current treating GP.

  3. The applicant has alleged that there have been breaches of the Health Privacy Principles (HPP) and seeks remedial action and compensation. It has been agreed between the parties that the matter of liability will be determined as a preliminary question and the issue of compensation will be dealt with later.

  4. The issues are whether there has been a breach of:

  1. HPP 2 (collection) being the collection of health information that was irrelevant, excessive, inaccurate or in a manner that was intrusive. This claim gives rise to a question of whether the Tribunal has jurisdiction to determine it, since it was not made in the applicant’s complaint and therefore the respondent’s IR has not addressed the question.

  2. HPP 4 (collection) that the applicant was not informed about the purpose for which the information was being collected or to whom it might be disclosed.

  3. HPP 9 (accuracy) in that the respondent did not ensure that the applicant’s health information was relevant, accurate and up to date before it was used.

  4. HPP 11 (disclosure) when it sent a copy of the specialist’s referral letter to both the wrong GP, and the applicant’s treating GP.

  1. The respondent concedes that it breached HPP 11 by sending the referral letter to the wrong GP. It also concedes that it breached HPP 4 in relation to informing the applicant about the purpose for collecting information and to whom it might be disclosed.

  2. For this reason the live questions which remain are whether there was a breach of HPP 11 in the provision of a copy of the referral letter to the treating GP; whether there was a breach of HPP 9; and finally whether the Tribunal has jurisdiction to determine whether there has been a breach of HPP 2.

The Facts

  1. The Tribunal has the following evidence before it:

  1. an affidavit of the applicant, DKV dated 31 August 2018;

  2. a statement by DKV dated 10 October 2018;

  3. a witness statement from Ms K, manager of the health facility;

  4. a witness statement by Dr B, another specialist and a clinical director at the agency;

  5. a witness statement from Ms MF, a nurse at the health facility.

  1. The respondent issued a summons to the current treating GP for the applicant’s medical records and the documents produced are before the Tribunal.

  2. The following is a chronology of what occurred:

  1. 17 January 2018 – the applicant called a helpline seeking assistance due to the unavailability of GP 2, the treating GP. (The records indicate that the call related to the unavailability of the treating GP for 3 weeks. It is something of an oddity to the Tribunal that the summonsed medical records indicate that the applicant visited GP 2 on 17 January 2018 and again on January 24th, February 1, February 5, February 12 and then March 1st). The applicant was advised to come to the health facility the next day.

  2. 18 January 2018 – the applicant attended the health facility and made an urgent appointment to see the specialist. Separately on that day the applicant was treated at the health facility for an ankle injury by GP 1 who was a visiting medical officer there.

  3. 23 January 2018 – DKV attended an appointment with the specialist. Ms MF was also present. During the consultation the specialist prepared a report and GP referral letter which, according to Ms MF, was discussed with the applicant relating to follow up treatment. Due to some computer malfunction the report template auto-populated the GP’s names to be GP 1, the wrong GP who had treated the applicant at the facility for an ankle injury, and GP 2, the treating GP. The auto population function had initially added a 3rd doctor but the applicant had noticed the error and pointed it out. Nothing material turns on this. The applicant stated that the specialist was advised that the wrong GP was not the applicant’s treating GP.

  4. 24 January 2018 – the referral letter was faxed to the wrong GP and to the treating GP.

  5. 30 January 2018 – the health facility received a complaint letter from the applicant. The applicant had become aware that the practice of GP 1 had received the faxed referral letter and was particularly upset about it, as this was the wrong GP. However the respondent in this case concedes that it breached HPP 11 by doing this.

  6. February 2018 – the complaint is investigated by Ms K and consultation occurs with the applicant.

  7. April 2018 applicant lodges application with NCAT.

  8. Approximately 18 May 2018 – Internal Review is commenced at the facility.

  9. Approximately 8 June 2018 – IR is completed at the health facility and copy of internal review report is provided to the applicant.

  1. In addition to conducting the investigation into the complaint and the internal review the respondent has done a number of things to address the complaint and improve its processes as set out in the affidavit of Ms K. In brief these are as follows: provision of a rapid written apology to the applicant acknowledging the distress caused; continuing numerous attempts to contact the applicant to discuss the complaint; telephone apology and discussion of possible solutions to concerns; offers of clinical support and transport; further written apology and a progress report on addressing the complaint; offers to seek removal of the referral letter from the files of the wrong GP which was not accepted; rewriting of the referral letter; offers to add notations required by the applicant to the facility’s files; together with changes to the practices and procedures at the health facility to minimise the chances of a recurrence of the conduct complained of. It appears that the respondent has taken the complaint very seriously and has acted responsibly to try to limit the impact on the applicant and to prevent further damage.

Legislation

  1. The Health Records and Information Privacy Act 2002 (HRIP Act) regulates the handling of personal health information through 15 health privacy principles (HPPs). It operates in conjunction with the Privacy and Personal Information Protection Act 1998 (PPIP Act) which contains 10 information protection principles (IPPs), and deals with reviews of the conduct of public sector agencies.

  2. Sec. 21 of the HRIP Act provides as follows:

(1)   The following conduct by a public sector agency is conduct to which Part 5 (Review of certain conduct) of the PPIP Act applies:

(a)   the contravention of a Health Privacy Principle that applies to the agency,

(b)   the contravention of a health privacy code of practice that applies to the agency.

(2)   For that purpose, a reference in that Part:

(a)   to personal information is taken to include health information, and

(b)   to an information protection principle is taken to include a Health Privacy Principle, and

(c)   to a privacy code of practice is taken to include a health privacy code of practice.

(3)   This section applies only to conduct engaged in after the commencement of this section.

  1. Sec. 53 of the PPIP Act relevantly provides that a person who is aggrieved by the conduct of a public sector agency is entitled to a review of that conduct. The review is to be undertaken by the public sector agency concerned. An application for review must be in writing and be lodged within 6 months of when the applicant became aware of the conduct concerned. The application is to be dealt with by an individual employed by the agency, who is suitably qualified and who was not substantially involved in any matter relating to the conduct the subject of the application

  2. The review must be completed as soon as is reasonably practicable in the circumstances. However, if the review is not completed within 60 days from the day on which the application was received, the applicant is entitled to make an application under section 55 to the Tribunal for an administrative review of the conduct concerned.

  3. Following the completion of the review, the public sector agency whose conduct was the subject of the application can take a number of steps set out in the section.

  4. As soon as practicable (or in any event within 14 days) after the completion of the review, the public sector agency must notify the applicant in writing of:

  1. the findings of the review (and the reasons for those findings), and

  2. the action proposed to be taken by the agency (and the reasons for taking that action), and

  3. the right of the person to have those findings, and the agency's proposed action, administratively reviewed by the Tribunal.

  1. Section 54 PPIP Act requires that the Privacy Commissioner be advised and involved.

  2. Section 55 PPIP Act provides for a review by NCAT of the conduct of the agency if the aggrieved person is still satisfied with internal review. The Tribunal can make various orders as set out in s.55(2). Of particular relevance to this matter is s.55(1) which states:

“If a person who has made an application for internal review under section 53 is not satisfied with:

(a)   the findings of the review, or

(b)   the action taken by the public sector agency in relation to the application,

the person may apply to the Civil and Administrative Tribunal for an administrative review under the Administrative Decisions Review Act 1997 of the conduct that was the subject of the application under section 53.”

It is submitted that it is a precondition of a review of conduct that was the subject of the application by the Tribunal that there has first been an internal review of that conduct by the agency. It is further submitted that in consequence, as a possible breach of HPP 2 was not considered by the IR, the Tribunal has no jurisdiction to review.

  1. The relevant HPPs are set out in clauses in Schedule 1 of the HRIP Act. The text is contained in the schedule at the end of this decision.

  2. The health privacy code of practice is not presently relevant.

Orders Sought

  1. The applicant seeks orders of the Tribunal requiring the specialist to write a letter recognising that person’s wrong action and showing insight into wrongdoing. Regrettably the specialist is deceased. The applicant seeks compensation, but the assessment is agreed to be postponed.

  2. These orders were later expanded to seek removal of the referral report from the treating GP’s files, and also to remove the referral report from the applicant’s own lawyer’s files and for the agency to provide a letter to those lawyers saying that there were some inaccuracies in that referral report in breach of the HPPs.

Concessions

  1. As set out previously the respondent has conceded that there was a breach of HPP 11 by provision of the report to the wrong GP which can be put down to a combination of computer and human error. The respondent also concedes that HPP 4 was breached even though it was not raised in the complaint.

Jurisdiction

  1. The respondent argues that the Tribunal does not have jurisdiction to review potential breach of HPP 2 because it was not raised in the applicant’s complaint to the respondent and so was not the subject of internal review. Section 55(1) of the PPIP Act requires there to be an internal review under PPIP before NCAT can review the result.

  2. The respondent relies on the decisions of the Appeal Panel and Tribunal in ALZ v WorkCover NSW [2015] NSWCATAP 138 at [62]-[63] and CEU v University of Technology Sydney [2018] NSW CATAD 13 at [75]-[76]. In ALZ the Appeal Panel said at [62]: “A key principle in privacy litigation before the Tribunal is that the scope of the proceedings is limited to the matters put in issue in the internal review process.” It has been held that even though it is a precondition of NCT review that there has first been an internal review, the Tribunal is undertaking a second review of the conduct not a review of the outcome of the Internal Review (CEU at [75]). So Tribunal cannot review matters were not raised in the course of the Internal Review.

  3. Even if the Tribunal did have jurisdiction to consider HPP 2 I am satisfied that the notes taken by the specialist at the consultation were appropriate because they were reasonably proportionate to the subject matter of the consultation and necessary and relevant to advise a clinician involved in follow up treatment. They did not unduly intrude on the private affairs of DKV. The claims of inaccuracies by the applicant appear to be minor and unlikely to be material to ongoing treatment. The information was gathered from DKV and the claimed inaccuracies could easily have arisen from a misunderstanding of the information being conveyed over the period of the consultation. Dr B is a specialist in the same specialty at the facility who states on affidavit that it is usual in this field to take details of personal and family history and relationships. This seems intuitively correct.

  4. The major source of remaining complaint concerns the disclosure of information to the treating GP, and whether there has been a breach of HPP 11.

  5. GP 2 had been treating the applicant for nearly 20 years, including for conditions for which the applicant sought assistance at the consultation with the specialist. It was therefore quite the usual course for the specialist to be providing a referral letter to the treating GP, in particular where the advice was to continue attending the treating GP for follow up treatment. HPP 11 relevantly provides:

“An organisation that holds health information must not disclose the information for a purpose (a "secondary purpose" ) other than the purpose (the "primary purpose" ) for which it was collected unless:

(a)   the individual to whom the information relates has consented to the disclosure of the information for that secondary purpose, or

(b)   the secondary purpose is directly related to the primary purpose and the individual would reasonably expect the organisation to disclose the information for the secondary purpose, or

Note : For example, if information is collected in order to provide a health service to the individual, the disclosure of the information to provide a further health service to the individual is a secondary purpose directly related to the primary purpose.”

  1. In my view the information is being disclosed for the primary purpose for which it was collected. The purpose for which it was collected by the specialist was to assess the applicant’s health, provide an up to date diagnosis and set out a plan and recommendations for ongoing treatment by way of referral to the treating GP.

  2. Alternatively, the disclosure of the information was directly connected to the purpose for which the information was gathered (to diagnose and recommend a further health service be provided) and the applicant could reasonably expect that the report would be sent to GP 2, given that it was discussed at the consultation. It was not necessary for DKV to specifically consent to that. The applicant does not dispute that the treating GP is involved with in the applicant’s treatment, but claims that the referral letter contained details that the applicant did not want disclosed to the treating GP.

  3. Dr B gave evidence that this was the usual practice. Ms MF the nurse was present at the consultation and recalls that there was discussion about the applicant seeing the treating GP and that a referral letter would be sent for this purpose. In KJ v Wentworth Area Health Service [2004] NSWADT 84 it was found that there had been a breach of the Information Privacy Principles by the provision of a report by a specialist to a GP, on the basis that the GP had not referred the applicant to the specialist. The GP in the KJ case was not involved in that aspect of the applicant’s health care. The situation here is different as the applicant says that the treating GP is the only medical practitioner the applicant regards as trustworthy.

  4. On the question of HPP 9 the applicant complains that there was an intrusive and excessive collection of information.

  5. In my view HPP 9 does not cover the collection of information but instead relates to the use of information. It requires the agency to take reasonable steps to ensure that having regard to the purpose for which the information is proposed to be used that the information is relevant, accurate, up to date, complete and not misleading. It is not concerned with collection or disclosure of health information. These are covered by HPP 2, HPP 4 and HPP 11.

  6. In my view the respondent has not used the information itself. By providing the referral to the treating GP it has not used the information in the manner described in HPP 9. It has disclosed the information for the purposes of HPP 11.

  7. In any case it appears to me that the details of the applicant’s health were at the level required in the circumstances and were on the face of it accurate. As the affidavit of Dr B makes clear, State health policy directives and guidelines require the gathering of a comprehensive personal and family history and details relating to current social and family situations in order to assess the patient’s condition.

  8. I note that the respondent has offered to put a notation on the applicant’s file which shows that she does not agree with some of the aspects of the referral letter. The respondent has also offered to write to the treating GP to request removal of the report from the files. The respondent has offered to do the same with the wrong GP, but the applicant has declined. The respondent has been in contact with the applicant’s solicitors and provided a revised report. The respondent has also implemented a series of actions to improve its performance relative to the HPPs and is willing to pass feedback on to NSW Health so that the experience may provide lessons system wide.

  9. Except as conceded by the respondent, I find that there has been no breach of HPP 9 and HPP 11. The conduct of the respondent since receiving the complaint appears to have been correct, prompt, and indicating compassion and insight. The Tribunal does not have jurisdiction to review a breach of HPP 2, and if it did there has been no apparent breach in any case.

  1. Accordingly I decide that the Tribunal should take no action (s.55(2) PPIP Act) in respect of conduct which the respondent has not conceded involves a breach of the HPPs.

  2. The question of damages and costs are to be the subject of a separate consideration covering only the breach of HPP 11 by the sending of the referral letter to the wrong GP and the concession that HPP 4 was breached in that the applicant was not fully informed about the purpose for which the information was being collected and to whom it might be disclosed.

Decision

  1. The Tribunal decides to take no action in respect of conduct other than that which the respondent conceded involves a breach of the HPPs.

SCHEDULE

HPP 2

“An organisation that collects health information from an individual must take such steps as are reasonable in the circumstances (having regard to the purposes for which the information is collected) to ensure that:

  1. the information collected is relevant to that purpose, is not excessive and is accurate, up to date and complete, and

  2. the collection of the information does not intrude to an unreasonable extent on the personal affairs of the individual to whom the information relates.”

HPP 4

“An organisation that collects health information about an individual from the individual must, at or before the time that it collects the information (or if that is not practicable, as soon as practicable after that time), take steps that are reasonable in the circumstances to ensure that the individual is aware of the following:

  1. the identity of the organisation and how to contact it,

  2. the fact that the individual is able to request access to the information,

  3. the purposes for which the information is collected,

  4. the persons to whom (or the types of persons to whom) the organisation usually discloses information of that kind,

  5. any law that requires the particular information to be collected,

  6. the main consequences (if any) for the individual if all or part of the information is not provided.

  1. If an organisation collects health information about an individual from someone else, it must take any steps that are reasonable in the circumstances to ensure that the individual is generally aware of the matters listed in subclause (1) except to the extent that:

  1. making the individual aware of the matters would pose a serious threat to the life or health of any individual, or

  2. the collection is made in accordance with guidelines issued under subclause (3).

  1. The Privacy Commissioner may issue guidelines setting out circumstances in which an organisation is not required to comply with subclause (2).

  2. An organisation is not required to comply with a requirement of this clause if:

  1. the individual to whom the information relates has expressly consented to the organisation not complying with it, or

  2. the organisation is lawfully authorised or required not to comply with it, or

  3. non-compliance is otherwise permitted (or is necessarily implied or reasonably contemplated) under an Act or any other law (including the State Records Act 1998 ), or

  4. compliance by the organisation would, in the circumstances, prejudice the interests of the individual to whom the information relates, or

  5. the information concerned is collected for law enforcement purposes, or

  6. the organisation is an investigative agency and compliance might detrimentally affect (or prevent the proper exercise of) its complaint handling functions or any of its investigative functions.

  1. If the organisation reasonably believes that the individual is incapable of understanding the general nature of the matters listed in subclause (1), the organisation must take steps that are reasonable in the circumstances to ensure that any authorised representative of the individual is aware of those matters.

  2. Subclause (4) (e) does not remove any protection provided by any other law in relation to the rights of accused persons or persons suspected of having committed an offence.

  3. The exemption provided by subclause (4) (f) extends to any public sector agency, or public sector official, who is investigating or otherwise handling a complaint or other matter that could be referred or made to an investigative agency, or that has been referred from or made by an investigative agency.”

HPP 9

“An organisation that holds health information must not use the information without taking such steps as are reasonable in the circumstances to ensure that, having regard to the purpose for which the information is proposed to be used, the information is relevant, accurate, up to date, complete and not misleading.”

HPP 11

“(1)   An organisation that holds health information must not disclose the information for a purpose (a

"secondary purpose" ) other than the purpose (the

"primary purpose" ) for which it was collected unless:

  1. the individual to whom the information relates has consented to the disclosure of the information for that secondary purpose, or

  2. the secondary purpose is directly related to the primary purpose and the individual would reasonably expect the organisation to disclose the information for the secondary purpose, or

Note : For example, if information is collected in order to provide a health service to the individual, the disclosure of the information to provide a further health service to the individual is a secondary purpose directly related to the primary purpose.

  1. the disclosure of the information for the secondary purpose is reasonably believed by the organisation to be necessary to lessen or prevent:

  1. a serious and imminent threat to the life, health or safety of the individual or another person, or

  2. a serious threat to public health or public safety, or

(c1)   the information is genetic information and the disclosure of the information for the secondary purpose:

  1. is to a genetic relative of the individual to whom the genetic information relates, and

  2. is reasonably believed by the organisation to be necessary to lessen or prevent a serious threat to the life, health or safety (whether or not the threat is imminent) of a genetic relative of the individual to whom the genetic information relates, and

  3. is in accordance with guidelines, if any, issued by the Privacy Commissioner for the purposes of this paragraph, or

  1. the disclosure of the information for the secondary purpose is reasonably necessary for the funding, management, planning or evaluation of health services and:

  1. either:

(A)   that purpose cannot be served by the disclosure of information that does not identify the individual or from which the individual's identity cannot reasonably be ascertained and it is impracticable for the organisation to seek the consent of the individual for the disclosure, or

(B)   reasonable steps are taken to de-identify the information, and

  1. if the information could reasonably be expected to identify individuals, the information is not published in a generally available publication, and

  2. the disclosure of the information is in accordance with guidelines, if any, issued by the Privacy Commissioner for the purposes of this paragraph, or

  1. the disclosure of the information for the secondary purpose is reasonably necessary for the training of employees of the organisation or persons working with the organisation and:

  1. either:

(A)   that purpose cannot be served by the disclosure of information that does not identify the individual or from which the individual's identity cannot reasonably be ascertained and it is impracticable for the organisation to seek the consent of the individual for the disclosure, or

(B)   reasonable steps are taken to de-identify the information, and

  1. if the information could reasonably be expected to identify the individual, the information is not made publicly available, and

  2. the disclosure of the information is in accordance with guidelines, if any, issued by the Privacy Commissioner for the purposes of this paragraph, or

  1. the disclosure of the information for the secondary purpose is reasonably necessary for research, or the compilation or analysis of statistics, in the public interest and:

  1. either:

(A)   that purpose cannot be served by the disclosure of information that does not identify the individual or from which the individual's identity cannot reasonably be ascertained and it is impracticable for the organisation to seek the consent of the individual for the disclosure, or

(B)   reasonable steps are taken to de-identify the information, and

  1. the information will not be published in a form that identifies particular individuals or from which an individual's identity can reasonably be ascertained, and

  2. the disclosure of the information is in accordance with guidelines, if any, issued by the Privacy Commissioner for the purposes of this paragraph, or

  1. the disclosure of the information for the secondary purpose is to provide the information to an immediate family member of the individual for compassionate reasons and:

  1. the disclosure is limited to the extent reasonable for those compassionate reasons, and

  2. the individual is incapable of giving consent to the disclosure of the information, and

  3. the disclosure is not contrary to any wish expressed by the individual (and not withdrawn) of which the organisation was aware or could make itself aware by taking reasonable steps, and

  4. if the immediate family member is under the age of 18 years, the organisation reasonably believes that the family member has sufficient maturity in the circumstances to receive the information, or

  1. the disclosure of the information for the secondary purpose is to a law enforcement agency (or such other person or organisation as may be prescribed by the regulations) for the purposes of ascertaining the whereabouts of an individual who has been reported to a police officer as a missing person, or

  2. the organisation:

  1. has reasonable grounds to suspect that:

(A)   unlawful activity has been or may be engaged in, or

(B) a person has or may have engaged in conduct that may be unsatisfactory professional conduct or professional misconduct under the Health Practitioner Regulation National Law (NSW) , or

(C)   an employee of the organisation has or may have engaged in conduct that may be grounds for disciplinary action, and

  1. discloses the health information as a necessary part of its investigation of the matter or in reporting its concerns to relevant persons or authorities, or

  1. the disclosure of the information for the secondary purpose is reasonably necessary for the exercise of law enforcement functions by law enforcement agencies in circumstances where there are reasonable grounds to believe that an offence may have been, or may be, committed, or

  2. (k) the disclosure of the information for the secondary purpose is reasonably necessary for the exercise of complaint handling functions or investigative functions by investigative agencies, or

  3. (l) the disclosure of the information for the secondary purpose is in the circumstances prescribed by the regulations for the purposes of this paragraph.

(2)   An organisation is not required to comply with a provision of this clause if:

  1. the organisation is lawfully authorised or required not to comply with the provision concerned, or

  2. non-compliance is otherwise permitted (or is necessarily implied or reasonably contemplated) under an Act or any other law (including the State Records Act 1998 ), or

  3. the organisation is an investigative agency disclosing information to another investigative agency.

(3)   The Ombudsman's Office, Health Care Complaints Commission, Anti-Discrimination Board and Community Services Commission are not required to comply with a provision of this clause in relation to their complaint handling functions and their investigative, review and reporting functions.

(4)   Nothing in this clause prevents or restricts the disclosure of health information by a public sector agency:

  1. to another public sector agency under the administration of the same Minister if the disclosure is for the purposes of informing that Minister about any matter within that administration, or

  2. to any public sector agency under the administration of the Premier, if the disclosure is for the purposes of informing the Premier about any matter.

(5)   If health information is disclosed in accordance with subclause (1), the person, body or organisation to whom it was disclosed must not use or disclose the information for a purpose other than the purpose for which the information was given to it.

(6)   The exemptions provided by subclauses (1) (k) and (2) extend to any public sector agency, or public sector official, who is investigating or otherwise handling a complaint or other matter that could be referred or made to an investigative agency, or that has been referred from or made by an investigative agency.”

**********

I hereby certify that this is a true and accurate record of the reasons for decision of the Civil and Administrative Tribunal of New South Wales.


Registrar

Decision last updated: 08 January 2019

Actions
Download as PDF Download as Word Document
Cases Citing This Decision

5

Barr v Macquarie University [2025] NSWCATAD 267
EON v Mid North Coast Local Health District [2022] NSWCATAD 113
EJE v Nepean Blue Mountains Local Area Health District [2021] NSWCATAD 289
Cases Cited

1

Statutory Material Cited

2

KJ v Wentworth Area Health Service [2004] NSWADT 84