You are here
Updated May 2021.
The Independent Hospital Pricing Authority (IHPA) is committed to the protection of personal information and complies with the Privacy Act 1988 (Privacy Act) and the Australian Privacy Principles (APPs).
IHPA is also committed to ensuring that the statistical hospital data accessed for the purposes of IHPA’s functions under the National Health Reform Act 2011 (NHR Act) and National Health Reform Agreement are managed in a manner that is consistent with the APPs, state and territory privacy laws and health data laws. Although these laws do not strictly apply to this data in the form in which it is held by IHPA, that data is treated with the same care as personal information held by IHPA.
- what information IHPA collects
- how IHPA collects, holds and uses personal information
- how IHPA handles data breaches that include personal information
- how to lodge a complaint on how IHPA has handled personal information
- how someone can access or request corrections to their personal information.
IHPA takes all reasonable steps to ensure that it establishes and maintains internal practices, procedures and systems to ensure compliance with the APPs.
IHPA has developed and implemented a number of supporting policies and procedures to supplement the principles outlined in the Policy, these include;
- Consultant Access to IHPA Protected Data Rules
- Data Access and Release Policy
- Data Breach Response Plan
- Data Governance Policy
- Information Security Policy
- IT Operations Security Policy
- Privacy Impact Assessment
- Privacy Management Plan
- Procedures for handling inquiries, complaints and requests for access and amendment
- Public Interest Disclosure Policy.
This Policy applies to personal information collected by IHPA. Where relevant, IHPA will also apply the Policy to the Activity Based Funding Data and National Hospital Cost Data Collection data (collectively, hospital data) it collects in its role to the extent that it is practicable for IHPA to do so.
The requirements under this Policy apply to all IHPA employees, officers and employees of contracted service providers.
This Policy will be reviewed annually by the Executive Officer but may be reviewed more frequently if required.
What is “personal information”?
The Privacy Act defines ‘personal information’ as ‘Information or an opinion about an identified individual, or an individual who is reasonably identifiable’.
What constitutes personal information will vary, depending on whether an individual can be identified or is reasonably identifiable in the particular circumstance. Whether an individual is ‘reasonably identifiable’ from particular information about that individual will depend on a number of matters including: the nature and extent of the information and whether it is possible for the recipient of the information to identify the individual using available resources (including other information available to that recipient).
Where it is technically possible to identify an individual based on the information, but doing so is not practicable, because of: the cost, difficulty, practicality and likelihood of a person or entity doing so, that individual will generally be regarded as not ‘reasonably identifiable’. For example if the cost of reasonably identifying an individual is overly expensive or resource intensive, that individual would be regarded as not reasonably identifiable.
Personal information relates only to natural persons and in most circumstances it will not apply to deceased persons. However, information about individuals provided in a business or professional capacity is personal information, and will be protected by the APPs.
Types of information collected by IHPA
IHPA only collects personal information where the information is reasonably necessary for, or directly related to, one or more of IHPA’s functions or activities. Examples include:
- contact details including name, address, phone number, email address, role, organisation or agency, other contact details
- educational qualifications
- employment history
- procurement records
- consultancy records
- committee membership details
- bank account details
- superannuation details
- creditor and debtor information
- recruitment records
- personnel records.
IHPA may request or receive this personal information from:
- individuals who contact IHPA with an enquiry
- individuals who act on behalf of a healthcare organisation and register their interest in IHPA activities
- individuals who deal with IHPA as part of consultation, including a reference group or as a representative of a stakeholder organisation
- individuals who share data with IHPA on behalf of a state or territory government department or a healthcare organisation
- researchers who apply for data access and release
- IHPA's business associates
- goods and services providers (including contractors)
- current and former employees
- applicants for employment.
This information is subject to the Privacy Act and IHPA has an obligation to ensure that this information is managed in accordance with the Privacy Act.
IHPA also collects a range of hospital data pursuant to its functions outlined in the NHR Act. The use of hospital data is subject to secrecy provisions contained in the NHR Act which relate to ‘protected Pricing Authority information’. The NHR Act recognises the importance of protecting patient confidentiality and imposes strict obligations on the use, disclosure and publishing of information that is likely to enable the identification of a patient (refer to section 279(2) of the NHR Act).
Hospital data contains Activity Based Funding Data and National Hospital Cost Data Collection data including demographic information, clinical information, the nature of care provided and costs.
Importantly, both the patient and the hospital are assigned a unique identifier. This unique identifier is used instead of the patient’s name and the name of the hospital. The unique identifiers are not available to the general public. IHPA has implemented a range of strategies to ensure that data sets are not able to be searched or combined in a way that would allow a person to determine the identity of an individual. For example, hospital data is only used or disclosed in a de-identified fashion.
Where small cell data (that is, data sets with a small number of entries) is present, IHPA takes measures (such as zeroing or aggregation) to ensure that no identifying data is used or disclosed.
How IHPA collects and holds personal information
IHPA collects personal information about individuals directly from those individuals or their authorised representative. IHPA may also collect personal information if it is required or authorised by or under an Australian law to do so.
When collecting personal information, IHPA will inform the individual of the purpose for collecting the information, IHPA’s requirements to access the information, how the information will be held, the ramifications if IHPA fails to collect the information and if the collection of the information is required or authorised by or under Australian law.
IHPA does not collect sensitive information about an individual unless the individual has consented and the information is reasonably necessary for, or directly related to, one or more of IHPA’s functions.
Where IHPA receives unsolicited personal information, IHPA will determine whether that information could have been collected in accordance with the APPs. If IHPA determines it could not have obtained the information in accordance with the APPs, IHPA will consider whether it is obliged to retain that information under its record-keeping rules. If not, IHPA will destroy the information or ensure that the information is de-identified where it is lawful and reasonable to do so.
IHPA uses TRIM as its official electronic document and records management system for storing of its information, including personal information. TRIM is a secure environment vetted and managed by the Commonwealth Department of Health and meets the security requirements of the Australian Government.
How IHPA may collect and use personal information
IHPA may collect and use the personal information in order to:
- respond to enquiries and otherwise engage with stakeholders
- communicate information to an individual about any initiative offered by or associated with IHPA, including invitations to consultation or engagement events
- provide marketing information about goods, services, events or initiatives which may be of interest
- conduct business with its business associates and contractors
- manage requests for data access and release
- manage its employment relationships and responsibilities
- engage and manage its workforce
- deliver its functions and meet its legal obligations.
For example, the NHR Act authorises IHPA to establish committees to provide advice or assist in performing its functions. IHPA collects and uses personal information relating to the committee members in order to establish and maintain current committee member information. Personal information contained in committee files may include contact details and terms of engagement.
If IHPA is required to pay sitting fees to eligible committee members, IHPA’s file will include member’s bank accounts, taxation details and superannuation details in order to pay those sitting fees.
Personnel and Contractor files
IHPA collects and uses personal information to maintain current employee information for business related purposes.
IHPA collects and uses stakeholder files to maintain current stakeholder information for business related purposes. The personal information relates to contact details and employment details.
Personal information in relation to consultation
Feedback gathered from jurisdictional, stakeholder and public consultations is crucial to the success of IHPA’s work program. IHPA often collects consultation feedback on a variety of areas in its work program. This can be in the form of written submissions, names, contact details and details of workplaces. All submissions are published on IHPA's website unless respondents specifically identify any sections they believe should be kept confidential due to commercial or other reasons.
In addition to the above categories, IHPA collects and uses information about corporate entities. This may contain information relating to a person in their corporate capacity, such as details and job titles for employees of IHPA’s business associates.
While information about individuals comprises personal information, information about corporate entities does not meet the definition of personal information under the Privacy Act. IHPA treats such information as commercial-in-confidence if it is appropriate to do so.
Internet cookies and location information
A cookie is a very small text file which is stored on an individual's device, when a user first visits a website. Cookies may be used on IHPA websites, including www.ihpa.gov.au. When a visitor returns to a website owned by IHPA, the cookie enables IHPA to register that same browser, on which the cookie is stored has returned. Cookies help IHPA to improve its website and monitor internet traffic.
Visitors to IHPA’s website can block cookies by activating a setting on their browser that allows the visitor to refuse the setting of all or some cookies, however, if the visitor blocks all cookies they may not be able to use the full functionality of IHPA’s websites.
Currently IHPA’s server makes a record of an individual’s visit and logs the following information for statistical purposes or systems administration purposes:
- server address
- top level domain name (for example .com, .gov, .au, .uk etc)
- the date and time of the visit to the site
- the pages accessed and documents downloaded
- the previous site visited
- the type of browser being used.
No attempt will be made to identify users or their browsing activities, except in the unlikely event of an investigation where a law enforcement agency may exercise a warrant to inspect the logs.
Disclosure of personal information
Ordinarily, IHPA discloses personal information to other government agencies or organisations only for the purpose the information was collected.
Personal information may be disclosed for a secondary purpose with the individual’s consent, where the individual would reasonably expect that their information will be disclosed, or if disclosure is otherwise required or authorised by or under law.
For example, personal information will be used and/or disclosed:
- To manage new and ongoing employees’ employment such as leave applications and approvals and pay related records.
- To monitor employees’ phone and internet usage, code of conduct investigations, police checks and security clearances, while undertaking fraud or audit functions or for other purposes relevant to employer powers under the Public Service Act 1999.
- To Comcare for worker’s compensation matters and/or Comcare rehabilitation providers for rehabilitation purposes and legal advisors for workers’ compensation matters.
- To decision makers, which may include external parties, including ministers or the Chair of such committees. Biographical information may be disclosed on IHPA’s website or media announcements regarding particular appointments.
- To other Commonwealth, state or territory government departments and external bodies or contracted service providers responsible for performing the functions, or assisting IHPA to perform its functions.
- For purposes including IHPA promotions activities.
IHPA does not routinely send personal information overseas, but where it does so, it will ensure that it has appropriate procedures and systems in place for ensuring that the information will be handled in accordance with the APPs.
IHPA applies the principles set out in the Australian Government Protective Security Policy Framework and Australian Government Information Security Manual with reference to IHPA’s individual security requirements.
IHPA will destroy or de-identify personal information if it is no longer required to perform its functions and its retention is not required under Australian law. IHPA will also ensure that personal information is protected from misuse, interference, loss and from unauthorised access, modification or disclosure through a range of physical and electronic security measures including restricted physical access to IHPA’s premises, security firewalls and computer user identifiers and passwords.
IHPA has adopted a comprehensive Data Governance Policy to ensure that the personal information that it holds is protected. IHPA’s Information Security Policy outlines how IHPA complies with its information security obligations in respect of the handling and protection of personal information. In addition IHPA has adopted personnel security procedures to ensure that the information IHPA holds is protected from misuse.
IHPA will also undertake a written Privacy Impact Assessment (PIA) for all projects that involve new or changed ways of handling personal information that are likely to have a significant impact on the privacy of individuals.
Privacy or data breach
The Notifiable Data Breaches (NDB) scheme in Part IIIC of the Privacy Act requires IHPA to notify individuals whose personal information is involved in a data breach that is likely to result in ‘serious harm’ to any of the individuals. Serious harm refers to serious physical, psychological, emotional, financial or reputational harm to an individual or individuals.
IHPA has implemented a Data Breach Response Plan to manage all data breaches in accordance with the NDB.
If a suspected or known data breach occurs, all employees are required to take action to report suspected data breaches to the Executive Officer and take immediate steps to contain the breach (if applicable). The Executive Officer will immediately notify the Chief Executive Officer (CEO) of the suspected breach and will then undertake an initial assessment based on its seriousness. The CEO will make a decision regarding the response required, including whether notification via the NDB Statement – Form (www.oaic.gov.au) to the Office of the Australian Information Commissioner (OAIC) is necessary.
If serious harm is likely to be caused to an individual or individuals from the data breach, IHPA will notify the affected individual:
- as far as it is practicable to do so, immediately to advise that a suspected or known data breach has occurred
- the breach includes their personal information
- the actions that are being undertaken to limit or mitigate any harm caused by the breach.
IHPA will work with the OAIC on any recommendations or directions from the Information Commissioner relating to the breach.
IHPA will review the incident to determine possible causes of the breach and revise its internal policies and procedures to prevent reoccurrence. Possible actions will include updating policies and procedures relating to records management and additional staff training on privacy.
Roles and responsibilities
IHPA is required under the Australian Government Agencies Privacy Code to appoint a Privacy Champion and Privacy Officer. The Privacy Champion provides cultural leadership and promotes the value of personal information. The Privacy Officer is the first point of contact for privacy matters within IHPA, and is responsible for ensuring day-to-day operational privacy activities are undertaken.
Privacy Champion (Executive Director, Data Analytics)
Name: Julia Hume
Postal Address: PO Box 483 Darlinghurst NSW 1300
Telephone: 02 8215 1159
Email: julia.hume [at] ihpa.gov.au
Privacy Officer (Executive Officer)
Name: Olga Liavas
Title: Executive Officer
Postal Address: PO Box 483 Darlinghurst NSW 1300
Telephone: 02 8215 1129
Email: olga.liavas [at] ihpa.gov.au
IHPA has established a robust compliance program to ensure that it meets its obligations to manage personal information appropriately and to comply with the APPs. IHPA reviews how and when it collects personal information to ensure that the collection complies with the APPs.
IHPA annually reviews its use and disclosure of personal information to ensure that it manages personal information in accordance with the APPs.