(1) The Minister, by order published in the Government Gazette, must establish a Privacy Management Framework for the Electronic Patient Health Information Sharing System as soon as practicable after the day on which this Part comes into operation.
(2) In establishing the Privacy Management Framework, the Minister must consult with the following persons and bodies in relation to whether certain health information or classes of health information should require additional levels of protection under the Privacy Management Framework—
(a) relevant groups and organisations that represent the interests of patients, carers or health care workers;
(b) any relevant public sector body within the meaning of the Public Administration Act 2004 ;
(c) participating health services.
(3) The Privacy Management Framework must—
(a) specify categories of health information that are sensitive in nature and include a process to safeguard that information; and
(b) include a process to safeguard the identity of patients who may be at risk of harm, including patients who identify as being at risk of family violence; and
(c) include a process to facilitate patients accessing reports that specify who has accessed their health information through the Electronic Patient Health Information Sharing System; and
(d) include a process for regular audits and compliance checks of the Electronic Patient Health Information Sharing System.
(4) The Privacy Management Framework takes effect on—
(a) the day on which it is published in the Government Gazette; or
(b) a later day as specified in the order.
Note
Section 41A of the Interpretation of Legislation Act 1984 provides that the power to make an instrument includes the power to repeal, revoke, rescind, amend, alter or vary the instrument in the exercise of that power.
S. 134ZU inserted by No. 4/2023 s. 4.