Our approach to handling information
Queensland Health collects and manages personal information to provide health and well-being services for Queenslanders. We also collect personal information to administer our other functions, such as employee management, health sector research and public policy development.
Hospital and Health Services are not covered by this policy.
This diagram explains the structure of Queensland Health and HHSs.
We are committed to handling your personal information with care, and in accordance with privacy law. Our privacy commitment to you is set out in our Privacy Charter.
We apply the Queensland Information Privacy Act 2009 (Qld) that includes health-specific privacy principles (known as the ‘NPPs’). The NPPs guide how we collect and manage personal information, including health information.
Our approach to privacy includes meeting confidentiality requirements of the Hospital and Health Boards Act 2011 (Qld), and other Queensland laws that relate to managing your information.
Information about you
At Queensland Health, we describe information about you using three terms:
- personal information
- sensitive information
- confidential information.
The laws that apply to us use these terms.
Personal information is defined by the Information Privacy Act 2009. Put simply, it is information that identifies a living person (or could lead to them being identified).
Sensitive information is a subset of personal information. Sensitive information includes health information and other information such as race, ethnicity, religious beliefs, sexual preferences or practices and criminal records. We take additional care in our collection and handling of sensitive information.
Confidential information is information about a person who is receiving or has received a public health service. Confidential information includes care and treatment information.
Unlike personal information, which is only about a living person, confidential information can be about a living or deceased person.
Queensland laws set out requirements for how we handle confidential information.
These laws include:
- Part 7 of the Hospital and Health Boards Act 2011
- Public Health Act 2005
- Mental Health Act 2016.
This diagram helps to illustrate the categories of personal information (PDF 279 kB). The sections that follow describe the personal information we collect at Queensland Health, why we collect it and what we do with it.
Why we collect personal information
We collect personal information to provide health and wellbeing services to you, and to fulfil our other functions. Specifically, we collect personal information for the following.
Provide you with health and well-being services
We may use your personal information to provide you with our services to improve your health and well-being.
Ensure you receive appropriate treatment and follow-up care
We may use your personal information to provide you with treatment and follow-up care that is appropriate for your needs.
Decide on applications for services or benefits
We may use your personal information to make decisions about your applications for our services or benefits.
Communicate with you and receive your feedback
When you communicate with us via our website (www.health.qld.gov.au), your correspondence is treated as a public record. We keep your correspondence for as long as required by the Public Records Act 2002 (Qld) and other relevant laws. Your personal information included in the communication will never be shared with others unless you give us permission.
Queensland Health does not reply to all communication received via our website.
Communication may be forwarded to relevant business areas within Queensland Health or to an appropriate Hospital and Health Service.
Conduct research to improve healthcare practices
We may use personal information for research to help us to improve Queensland healthcare practices. All research must meet ethical requirements and be authorised by the chief executive.
Conduct research about health through the Giving Information To Research (GIFTR) initiative
When you visit certain hospitals, your nurse or doctor may ask for your permission to use and disclose your health information for GIFTR research.
This information may include:
- medical and personal information in your health record (such as mental health, behavioural health, sexual health, and drug use)
- notes from doctors
- test results (including x-rays and blood)
- genetic information
If you give permission, your information will only be used for GIFTR research.
Your personal information involved in the research will never be made public. If you do not agree, your information will not be used for GIFTR research. Your decision will not affect your treatment of care. For more information regarding GIFTR, email GIFTR@health.qld.gov.au
Conduct community wellbeing and other research through online surveys
We may ask you to take part in online surveys that appear on our website. The surveys, for example, may relate to health issues such as smoking.
These surveys are voluntary, and you can often remain anonymous. If you would like to participate, you may be asked to agree to certain Terms and Conditions about the use and/or disclosure of your information.
We sometimes conduct surveys using online platforms provided by external service providers. These providers may store information outside of Australia.
Make payments to, and generally manage employment of, Queensland Health staff
If you are a Queensland Health staff member, we will use your personal information to manage your employment and make payments to you.
Process requests to access or correct personal information
Queensland Health may use your personal information to process your request to access or correct your own personal information. We provide more information on how you can request access to, or correction of, your personal information.
Process requests to access other Queensland Health information
We may use your personal information to process requests to access other Queensland Health information. To find out more, you can visit our Right to Information request page.
Investigate privacy complaints
We may use your personal information to investigate your privacy enquiry or complaint, and to communicate with you about your enquiry or complaint. We set out further information about how to make a privacy enquiry or complaint with us.
To conduct website analytics
When you visit our website (www.health.qld.gov.au), we may make a record of your visit and, for statistical purposes only, log the following information:
- server address
- top level domain name (e.g. .gov)
- date and time of your visit to the site
- pages visited and documents downloaded
- previous sites visited
- browser type.
No attempt is, or will be, made to identify users or their browsing activities except, in the unlikely event of an investigation, where a law enforcement agency may exercise a warrant to inspect activity logs.
We use this data to analyse the pages that are visited, to improve your experience and make sure our website is useful.
Queensland Health will only use your personal information for the purpose(s) that it was collected for, unless we have a lawful requirement or authority to use it for another purpose. Some circumstances where we may be lawfully required or authorised to use or disclose your personal information for another purpose include:
- Undertaking activities that help us monitor and improve the way we operate
- Providing professional supervision or mentoring of our staff
- Helping us with management, funding, monitoring, planning and evaluation and accreditation activities (including through the use of surveys)
- Enabling us to code and de-identify records
- Addressing liability indemnity arrangements and defending legal proceedings. This may require giving information to a medical expert (for a medico-legal opinion), insurer, medical defence organisation or lawyer
- Debt recovery in relation to services received.
What we collect
Information we collect depends on the service or function we need it for. We take care to ask you only for what is necessary.
Some examples of the information we collect are:
- Correspondence and feedback
- Website analytics data—see our Website Privacy Statement.
- Contact details
- Date of birth
- Photographs that capture your image or other personal information
- Unique identifying number (such as your Medicare number)
- Medical, health, diagnostic and treatment information
- Test results, x-rays and scans
- Sexual health information
- Correspondence and feedback
- Complaint information
- Details of access and correction requests
- Contact details
- Photographs, that capture your image or other personal information
- Financial or bank details
- Educational history
- Cultural background, relationship status and family circumstances
- Details of office bearers in funded organisations (such as officer name)
- Correspondence and feedback
- Complaint information
- Details of access and correction requests
- Occupation and employment history
- Criminal history
- Recruitment information
You can also visit the Queensland Health Information Asset Register for more information about the types of personal information collected and held by Queensland Health.
When we collect personal information
We may collect personal information directly from you or from someone else, such as your local doctor or a relative in an emergency situation.
We collect personal information when you:
- visit our website (www.health.qld.gov.au)
- take part in Queensland Health surveys
- communicate with us or provide us with feedback
- visit a health care facility
- fill in a form (including online and paper forms)
- apply for a job with us
- ask us a question or make a complaint
- request access to, or correction of, your personal information.
When we ask you for your personal information, we will provide you with a notice to explain what personal information we need and why. This is called a ‘Privacy Notice’. We may provide you with a written or spoken Privacy Notice. For example, when you fill out a form that asks for your personal information, it will contain a Privacy Notice that explains why we need your information.
How personal information is shared
There may be times when we share your personal information. When we share your information, we do so in accordance with privacy law.
We may share your personal information with:
- your local doctor, or with a healthcare facility—e.g. we release your personal information (including health information) in order to facilitate your treatment
- your family, spouse or guardian—e.g. where you have nominated them for the purpose.
If you do not wish for us to share your information with a person or organisation, you can ask us not to share it.
Queensland Health will not otherwise give your personal information to other government agencies, organisations or anyone else unless:
- we have your express permission
- there is a lawful ability or requirement for us to do so.
How personal information is managed
Queensland Health ensures the accuracy of the personal information we hold and keeps it secure through its lifecycle. In addition to the NPPs, we also apply Information Standard 18 of the Queensland Government Information Security Classification Framework.
Our contracted service providers also observe strict personal information management requirements.
Before we use your personal information, we may check with you to make sure it is accurate, complete and up to date. If you think we hold personal information about you that is inaccurate or out of date, please contact us. Find out more about correcting your personal information.
Queensland Health securely handles and destroys personal information. To do this we have a range of information security practices that align with the Queensland Government information security standard. This includes, for example, only allowing certain staff to access your information, using a login and password.
Protection of personal information from unauthorised access and disclosure is a priority for us. Any concerns about the security of your personal information held by Queensland Health should be reported.
Contact the Queensland Health Principal Privacy Officer via email: RTIPrivacy@health.qld.gov.au.
Microsoft 365 is a set of cloud-based productivity tools and integrated cloud services. Microsoft 365’s commonly used platforms for collaborative work include (but are not limited to):
- Microsoft Teams—a collaboration and video conferencing platform that acts as a central hub for workplace communications via text chat, voice call, video call, calendar, notes, documents, and apps (including, from time to time, recording and capture of video and voice calls). Refer to the Queensland Health privacy notice: Use of Microsoft for meetings and recordings
- SharePoint—a cloud-based content collaboration and management platform where files can be shared and stored
- OneDrive—a personal cloud-based storage service.
These platforms are integrated and provide Queensland Health with different avenues for sharing, organising and storing information.
Queensland Health uses these platforms in a manner consistent with our responsibilities and obligations under the Information Privacy Act 2009 (Qld), Right to Information Act 2009 (Qld) and Public Records Act 2002; and the Queensland Government Customer and Digital Group Collaboration platform (Microsoft Teams) guideline.
Collection by Microsoft when using Microsoft 365
Microsoft may collect your personal information as a result of using Microsoft 365 services and applications. Microsoft’s privacy statement explains the personal data Microsoft processes, how Microsoft processes it, and for what purposes.
Queensland Health uses contracted service providers to provide particular services and functions of Queensland Health. Some examples include:
- electronic document management
- cloud-based storage
- community surveys and feedback collation.
To provide these services and functions, service providers may collect and use personal information on our behalf. Queensland Health still controls and is responsible for the information. Queensland Health ensures that service providers meet our privacy and confidentiality requirements. We do this by entering into a contract or service agreement with them that includes privacy and confidentiality clauses.
Queensland Health stores personal information that we collect in both electronic and analogue formats; that is, we use paper-based and electronic storage systems. The privacy rules apply, irrespective of how we store personal information.
For electronically held and managed personal information, we use Australian/Queensland data centres and back-up systems wherever possible. Where personal information must be stored in an overseas location, we take care to ensure that privacy and security controls are in place (e.g. through strict contractual requirements and avoiding storage locations where privacy rules appear insufficient).
Queensland Health will keep your personal information for the minimum period of time as required in a retention and disposal schedule approved by the Queensland State Archivist. The minimum retention period varies between classes of records according to the purpose and use of the records.
Once the minimum retention period has been met, records (including any personal information associated with the records) are securely destroyed using disposal methods appropriate for the type of format and security classification of the records.
The following retention and disposal schedules document the minimum retention periods for records maintained by Queensland Health:
Queensland Health maintains a number of social media accounts for the purpose of pushing out information about:
- our services
- health and wellbeing, generally
- important health alerts.
For information regarding Queensland Health social networking services, email email@example.com.
Monitoring of buildings
Some Queensland Health locations are equipped with Closed Circuit Television (CCTV) cameras. These are used to monitor safety and accessibility, as well as to deter (and capture evidence of) unlawful behaviour.
The CCTV cameras are owned and controlled by the Department of Housing and Public Works (DPW) as part of their whole of government services. The footage from the cameras is generally stored by DPW for 90 days before it is destroyed.
If you would like to enquire about the CCTV cameras, or you would like access to the footage, you can contact DPW via phone: (07) 3234 0777.
Some Queensland Health buildings have a secure check-in facility for visitors, consultants and contractors attending our premises. This computerised check-in collects personal information, such as name and mobile phone number.
Secure check-in facilities are owned and controlled by DPW as part of their whole of government services. DPW is responsible for the management of any personal information provided.
For more information about the secure check-in facilities provided by DPW, contact DPW via phone: (07) 3234 0777.
How to access or correct your personal information
You have the right to:
- access personal information we hold about you
- correct your personal information, where you think that it is inaccurate, incomplete, or out-of-date.
If you would like to access or correct your personal information, we are generally able to do this for you. Please write to us, letting us know how we can contact you and:
- what information you would like access to, or
- what information you would like to correct.
Before we can give you access or correct your personal information, you will also need to verify your identity. This is to ensure that we don’t give your personal information to anyone else.
We provide detailed information on how to access and correct your personal information, and how to access other Queensland Health information, on our Right to Information request page.
The page includes a form that you can download and complete. Please submit your completed form to:
Privacy and Right to Information Unit
Department of Health
GPO Box 48
There may be times where we may not hold the personal information that you request (for example, where you request health records or CCTV footage of you). If we do not hold your personal information, we will direct you to the right agency.
How to make a privacy complaint
More information about submitting a privacy complaint is available on our Privacy Complaints page.
Understanding and addressing privacy complaints is an important part of our service. If you are dissatisfied with our response to your complaint, you have a right to contact Queensland’s privacy regulator.
The process is detailed on the website: Office of the Information Commissioner—making a privacy complaint.
Additional privacy information and resources
- Office of the Information Commissioner: About privacy in Queensland
- Information Privacy Act 2009 (Qld)
- Health records and personal information, which provides an overview of:
  - personal information collected in health records
  - protecting your information
  - accessing and correcting your own health records
  - accessing prison health records
  - sexual health records
- Fact sheet: What happens to your personal information?
- Access your personal information with a Right to Information request
- Fact sheet: Information privacy for position applicants