Privacy and information in Nepean Blue Mountains

You are entitled to request access to all personal information the Nepean Blue Mountains LHD holds about you, including your health record.

You can request to view or obtain copies by contacting the relevant service.

Your personal information includes your personal details and personal health information relating to your treatment and care.

All NSW Health staff, including Nepean Blue Mountains LHD, are bound by the Health Records and Information Privacy Act 2002 (HRIP Act) which applies to health privacy, and Privacy and Personal Information Protection Act 1998 (PPIP Act) which applies to non-health personal information.

Our doctors, nurses and other staff are bound by law, by the NSW Health Privacy Manual for Health Information, and by a strict code of conduct to keep patient information private and confidential.

We collect your personal information so we can provide you with treatment and advice. Test results and other information collected while you are being treated are kept with your health record. We only collect information that is relevant and necessary for your treatment and to manage the health services we provide.

We collect information directly from you, wherever possible. We may need to collect information from other health professionals involved in your care. Occasionally, for example in an emergency, we may also need to collect information from a family member, friend, carer or other person who can help us provide you with the best care.

Your information may be held in paper or electronic files, including visual image and audio formats. We take all reasonable steps to ensure the information we collect about you is stored securely. We are required by law to retain health records for certain periods of time, depending on the type of record and facility. We have appropriate systems and policies in place to protect your information from loss, unauthorised access and misuse.

If you do not want us to collect certain information about you, you need to tell us and we will talk to you about any consequences this may have for your health care.

The health information Nepean Blue Mountains LHD collects about patients is held in a health care record that may be both paper and electronic and may include visual images and audio formats.

• We take all reasonable steps to make sure that the health information we collect about patients is stored securely.
• We are required by law to keep health records for certain periods of time, depending on the type of record and facility.
• We will only use or disclose your information for purposes directly related to your treatment, and in ways you would reasonably expect for your current and future care.
• Your personal health information will be shared with staff involved in your care, so they can provide you with the best treatment.
• Relevant information about the health services you have received will be sent to your nominated GP, unless you request otherwise.
• Where necessary, and permitted by law, health information may be sent to other treating health care professionals, health services or hospitals involved in your care, to the Ambulance Service of NSW, to a specialist for a referral, for pathology tests, x-rays and so on.
• We may be required to disclose some patient information to courts and tribunals and to State and Commonwealth government agencies to comply with laws regarding the reporting of notifiable diseases and statistics, and for the registering of births and deaths. Your personal information may be required as evidence in court when subpoenaed.
• We may use or disclose patient information for billing and other purposes required for the operation of the NSW Health Service, including safety and quality improvement initiatives. Where relevant, we may need to disclose patient information to Medicare, private health funds, the Department of Veterans Affairs or The Australian Council on Healthcare Standards.
• We may use your information to contact you regarding patient satisfaction surveys to help us evaluate and improve our services.

In line with privacy guidelines we may use or disclose your information for:

• public interest research projects complying with strict protocols and approved by a Human Research and Ethics Committee
• staff and student training purposes
• other planning, financial or management purposes for health service activities.

The statutory guidelines ensure that where your information is needed for these purposes and it is impracticable to seek your consent, a minimum of personal information is used, and the personal information is handled in accordance with strict standards.

We will seek your consent before the use or disclosure of patient information for purposes other than those listed above.

Privacy complaints may either be addressed as informal complaints, handled through existing complaints handling and investigation processes, or handled formally under privacy law via the internal review process, in accordance with NSW privacy legislation.

If you believe your personal or health information has been misused, you can:

• Contact our Privacy Contact Officer to discuss your complaint or concerns.
• Lodge an application for internal review with us within 6 months.

We will consult with the NSW Privacy Commissioner and complete the internal review within 60 days (if practicable). There is no fee for an internal review. See the NSW Health Privacy Internal Review Guidelines and our privacy internal review information sheet (PDF 59.05KB).

If you're unhappy with the result of the privacy internal review (or if it hasn't been completed within 60 days) you can appeal to the NSW Civil and Administrative Tribunal (within 28 days) to investigate your complaint.

• You can also contact the Office of the NSW Privacy Commissioner on (02) 8868 8585 or visit Privacy NSW.

Privacy Management Annual Report 2023-2024 (PDF 210.75KB)

Privacy Management Annual Report 2022-2023 (PDF 1.12MB)

Privacy Management Annual Report 2021-2022 (PDF 114.32KB)

Privacy Management Annual Report 2020-2021 (PDF 227.08KB)

Privacy Management Annual Report 2019-2020 (PDF 233.44KB)

If you have any questions about these reports, or need help to access these or older reports, email nbmlhd-privacy@health.nsw.gov.au.

A formal application for information held by Nepean Blue Mountains LHD (other than your own personal health record detailed above) must be in writing, clearly indicating that it is an access application made under the GIPA Act.

To make a formal application for government information contact our Right to information coordinator.

It must be accompanied by a fee of $30, state a postal or email address for correspondence in connection with the application, and must include enough details to enable the information requested to be identified. 

Once we have made a decision on your access application you will be notified of the outcome of your request. If access is not provided, either in whole or in part because there is an overriding public interest against disclosure, you will be advised of the reasons for this decision.

See the Government Information Public Access Act (GIPA) website for more information.

The Information and Privacy Commission provides more information on your review rights under the GIPA Act.

A request for an internal review should be made in writing.

For further information please contact our Right to Information Coordinator.

The following reports were produced by Nepean Blue Mountains LHD in accordance with GIPA Act requirements.

GIPA Annual Report 2023-2024 (PDF 649.19KB)

GIPA Annual Report 2022-2023 (PDF 631.28KB)

GIPA Annual Report 2021-2022 (PDF 247.07KB)

GIPA Annual Report 2020-2021 (PDF 245.7KB)

GIPA Annual Report 2019-2020 (PDF 246.4KB)

If you have any questions about these reports, or need help to access these or older reports, email nbmlhd-roi@health.nsw.gov.au.

If we make a decision not to disclose open access information due to an overriding public interest, we will publish a record detailing the information not released on our website. This will include the reasons behind the decision not to release the information.

No documents have been tabled in Parliament by or on behalf of NBMLHD since the commencement of the GIPA Act. We will publish links here if any documents are tabled in future.

The GIPA Act requires agencies to record and publish certain information about some contracts with private sector bodies. Part 3, Division 5 of the GIPA Act states that information about contracts worth more than $150,000 between agencies and private sector bodies must be recorded in a register of government contracts.

View the contracts register then email us to request a copy of the releasable information.

Information which we are required to make freely available includes our:

• Agency Information Guide (PDF 1.1MB)
• Policy and procedure list - see NSW Health policies and procedures as well as a list of Nepean Blue Mountains LHD policies and procedures (PDF 398.24KB)
• Disclosure Log

All NSW Health entities are required to disclose, and certify the accuracy and completeness of the contents of the following registers:

• The NSW Health Gifts of Government Property register. This is maintained to meet the requirements of the Treasurer's Direction TD21-04.
• The NSW Health Statutory Acts of Grace register. This is maintained to meet the requirements of the Treasury Circular TC22-01 Statutory Act of Grace Payments.

For detailed information, see the NSW Health Gifts of Government Property and Statutory Acts of Grace registers page.