COVID update: learn more

Privacy Policy


Moyne Health Services (MHS) respects and is committed to protecting the privacy of every individual. We are required by law to ensure that all personal and health information pertaining to patients, residents and staff, remains confidential. Moyne Health Services complies with all legislation relating to privacy and confidentiality including the Health Services Act 1988 (Vic), Privacy and Data Protection 2014, Freedom of Information 1982 (Vic), and the Health Records Act 2001 (Vic). The existing provisions of the Mental Health Act still apply.

Moyne Health Services cannot use or disclose personal or health information without the consent of the individual, except if it is required, authorised or permitted under law.

Staff are bound by a strict code of confidentiality; details are outlined in the Confidentiality and Security of Information Policy


This policy relates to staff, patients, residents and their families, service users, visitors, members of the public and external organisations

Key Definitions

Health information:
The Health Records Act 2001 applies to health information, as information or opinion about:

Many MHS functions require us to handle health information, which is covered by the Health Records Act 2001. This requires the organization to Protect Information; provide individuals the right to access to their information; and provide a framework for resolution of complaints in relation to the handling of personal information.

Personal (Staff) Information:
Privacy and Data Protection 2014 defines personal information to mean:
“…information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual, or an individual who is reasonably identifiable”

What documents and information are covered?

The sharing, utilisation, examination or analysis of information, that identifies or reasonably can be used to identify, a person within MHS.

The release, transfer, or divulging in any other manner of information outside MHS.

The provision, coordination, or management of health care related services by one or more health care providers, including the coordination or management of health care by a health care provider with a third party; consultation between health care providers relating to a patient, resident or client; or for the referral of a patient, resident of client for health care from one health care provider to another.

Policy statement

Moyne Health Services (MHS) will manage the privacy of patient and staff information to prevent inappropriate access, distribution and use.

MHS is committed to the Information Privacy Principles contained within the Privacy and Data Protection 2014(Cth) and as such MHS has developed this Privacy Policy Statement.


The following statements outline strategies for the management of privacy of health information at Moyne Health Services.

1. We will not use or disclose information of a personal nature, except to the extent that this is required, authorised or permitted under law. All staff are required to be trained and understand their obligations under the laws relating to safeguarding this information.

2. We will only collect information that is necessary for us to perform our functions. We will do so in a fair, lawful and non-intrusive way. Wherever possible, we will collect information directly from individuals rather than from third parties.

3. When information is requested the reasons that it is required will be explained, along with any law that requires it to be collected, the organisations or type of organisations to whom we usually would disclose it and the consequences if the information is not provided.

4. Generally, we collect and use information for the purpose of providing care and treatment, and for purposes directly related to providing such care and treatment. We may disclose information to other health care providers for the purpose of providing further treatment.

Moyne Health staff will only use or disclose information for:

Patients are to be informed that information is transferred to the GP or referring doctor on discharge, emergency or outpatient attendance, and are able to request that this does not occur.

De -identified information (data where an individual’s identity cannot be ascertained) may be used and disclosed without consent.

MHS is required by Health Services Act, Health (Infectious Diseases) Regulations 1960, Coroners Act (2008) Vic or Mental Health Act 2014 to disclose Information to registries and databases maintained by the Department of Health (DoH) and other organisations. Department of Health (DoH) dataset collections for:

We may also use information for other purposes permitted under the privacy laws. Examples of such uses include: release of information to a court in compliance with a summons or court order or where there is a serious and imminent threat to an individual’s life, health, safety or welfare; a serious threat to public health, or in research or quality improvement studies.

5. We endeavour to ensure that the information we hold is accurate, complete and up to date. We are required under the Public Records Act to hold some records for extended periods. We will not keep information longer than we need to. From time to time we conduct audits of our records and databases to ensure that the information we hold is accurate and up to date.

6. The right to use our record keeping and computer systems is controlled and monitored. Staff and authorised external users only have access to systems that their duties require. There are comprehensive auditing procedures to prevent and detect unauthorised access and fraud. All physical or paper records are securely stored and can be accessed only by authorised personnel. Computer systems uniquely identify individual users to ensure that access is appropriately authorised. All transactions involving information of a personal nature that can be audited are traceable to an individual Moyne Health Services staff member.

7. Access to records in a public hospital/organisation is legislated under the Freedom of Information Act (1982) Victoria.

8. Every individual, for whom information is held, has the right to request access to and amendment of their information. There are however, some conditions when access can be restricted or withheld. For example, access to personal /health information is not provided where doing so would disclose information given in confidence, where disclosure might pose a serious threat to the life or health of any person, or where the information would otherwise be exempt from disclosure by law. The methods of access to personal/health information are prescribed and a reasonable fee can be levied.

9. If an individual wishes to access and/or request amendment to their personal/health information, they should be advised to contact the Freedom of Information Officer at Moyne Health Services. Refer to Freedom of Information Policy for more details.

10. We may, from time to time, transfer health information to organisations outside Victoria for the purpose of the provision of care or treatment. This will only occur with the individual’s consent, when we believe that the recipient organisation is subject to binding privacy obligations substantially similar to those under which we operate or where it is considered to be in their best interest.

We ensure that any suspected infringements of privacy are thoroughly investigated. We have strategies in place to identify procedural and systems weaknesses and continually review these strategies. Disciplinary action is taken in cases where investigations or suspected infringements of privacy are proven.

A Privacy Officer has been appointed to assist with the administration of this policy. This includes:
gaining access to health information we hold;

The Privacy Officer can be contacted on 03 5568 0100


Key Aligned/ Linked Documents