eHealth NSW handles all personal information and personal health information in accordance with the Health Records and Information Privacy Act 2002 (HRIP Act) and the Privacy and Personal Information Protection Act 1998 (PPIP Act), NSW Health policies and guidelines, including NSW Health Privacy Manual for Health Information.
The NSW Health Privacy Management Plan sets out our commitment to respecting the privacy rights of staff, patients and other third parties and provides more information on how we handle the personal and health information we collect and hold.
Privacy Management Annual Report
eHealth NSW’s Privacy Management Annual Report outlines the range of activities conducted during the financial year to comply with the PPIP Act and the HRIP Act.
Data Breach Policy and Public Notification Register
Part 6A of the PPIP Act sets out obligations for public sector agencies, including eHealth NSW, in relation to data breaches involving personal and health information. These obligations include a requirement to prepare and publish a data breach policy and to keep a register of public notifications made to affected individuals.
About the Data Breach Policy
The NSW Health Data Breach Policy outlines the minimum requirements and standards across NSW Health to ensure data breaches involving personal or health information are managed in compliance with the Mandatory Notification of Data Breach (MNDB) Scheme.
Register of Public Notifications
The PPIP Act requires eHealth NSW to maintain a register of all public notifications of eligible data breaches and to make this register available on its website.
A public notification is provided when it is not reasonably practicable to notify any or all of the individuals affected by the breach directly.
The notification must be available for at least 12 months after the date of publication.
| Date of data breach | Date eHealth NSW became aware of data breach | Description of data breach | Type of data breach |
|---|---|---|---|
| N/A. There have been no notifications made in the previous 12 months. | |||
Website Privacy Notice
eHealth NSW maintains the eHealth NSW website and this Privacy Notice applies to all the publicly accessible pages on the eHealth NSW website located at www.ehealth.nsw.gov.au.
eHealth NSW is not responsible for the privacy policies or practices of third-party sites linked to the eHealth NSW site.
-
When you look through our website, we automatically record information such as:
- Information about your device. One example, the Internet Protocol (IP) address of your computer used to access the page
- Date and time of your visit to the site
- Pages accessed and documents downloaded
- Previous site visited
- Type of browser (e.g. Google Chrome or Internet Explorer) and the operating system (e.g. the version of Windows or macOS for Apple) you have used.
The eHealth NSW website uses a combination of browser capabilities including cookies, session and local storage to provide an enhanced experience for the user.
-
eHealth NSW uses the information to monitor how our website is used and to improve the site and the services it provides to both the public and our staff.
We will only publish information that identifies you with your permission or if we can do so under the NSW privacy laws.
Some examples of when we may use or share your information are:
- Where law enforcement agencies have legal rights under the law or by court order to access our data
- Where our website is being tampered with or where there is a risk of a security breach to eHealth NSW or other NSW Health agencies
- Where there is a serious and imminent threat to health or welfare or staff may be at risk
- Where information relating to an offence which may or may not be committed is reasonably necessary to assist a law enforcement agency to perform its functions.
-
Yes. eHealth NSW stores the information in a secure format. When the information is no longer required for the purposes for which it was collected it is deleted.
-
We will update this Notice from time to time if we change the way we do things and it impacts on our privacy obligations or if the privacy laws change.
Resources
eHealth NSW is a Health entity within NSW Health. The NSW Health Privacy policies can be found at www.health.nsw.gov.au/patients/privacy/Pages/privacy-policies.aspx.
- Privacy and Personal Information Protection Act 1998 (NSW)
- Health Records and Information Privacy Act 2002 (NSW)
Your right to access information, questions or complaints
Please contact:
Privacy Contact Officer
eHealth NSW
PO Box 1770
CHATSWOOD NSW 2057