The National Privacy Principles under the Privacy Act 1988 (Cth) apply to individual practitioners working for corporate practices, corporations, incorporated partnerships and commonwealth public institutions / service providers and corporate aged-care facilities. The National Privacy Principles and the Act do not apply to state public institutions (hospitals), small businesses who do not provide health services or sole practitioners or unincorporated partnerships.

National Privacy Principal number 6 relates to access and correction of personal information.  If an organization holds personal information about an individual it must provide the individual with access to the information on the request of the individual. The exception, in relation to health information, is where access would pose a serious threat to the life or health of any individual.  There are other limited exceptions.

The organization cannot charge a fee for lodging an application for access. The organization can charge a fee for reasonable administrative costs such as photocopying and postage expenses.

If the organisation refuses to grant access to, or to correct, a person's records on request, the person can complain to the Australian Information Commissioner (Cth) under section 36(1) of the Act (1300 363 992).

For additional information click on this link