Information access and privacy2025-07-01T16:28:00+10:00

Information access and privacy

On this page

    Metro North Hospital and Health Service (Metro North Health) respects the privacy of patients and their families.

    Your previous care history can help us identify which treatments are likely to be safe and effective for you and can also help reduce the likelihood of repeating tests unnecessarily.

    Metro North Health is subject to privacy and confidentiality legislation which sets the standards for how we handle your personal information. More information on how Metro North Health handles your personal information can be found in our QPP Privacy Policy and Plan.

    Information collected in health records

    When you attend a health facility, a record is made that contains:

    • your name
    • your address and contact details
    • the nature of the problem
    • your family history
    • a diagnosis and treatment
    • test results, x-rays and scans
    • Medicare and Commonwealth benefit card details.

    Health records

    Health information may be contained in paper records, electronic information systems or in other mediums depending on the tests and treatment you have received. 

    Every time you attend a health facility, new information is added to your record. Information will generally be collected directly from you.  However, there may be circumstances where we may need to talk to someone else, for example, your doctor or a relative, in an emergency situation.  This information may also be included in your record.

    Electronic information systems

    ‘The Viewer’ is a read-only web-based application that sources available electronic information from a number of systems.

    It is available to all Queensland Hospital and Health Services as well as other outpatient centres, community centres and primary care centres that register to access the system.

    The Australian Government’s My Health Record system is a secure online summary of your health information. You control what goes into it and who is allowed to access it.

    Metro North Health uploads some information to your My Health Record where you have had a record created and you have not told us you do not wish to have your information uploaded. The information includes pathology test results, medical imaging reports and discharge summaries. These documents are generally available for you to see 7 days after the documents are uploaded.

    The My Health Record is a Commonwealth government initiative. More information on how to access or create your My Health Record is available.

    Who owns my health record?

    Your actual medical record is the property of Metro North Health, however, you are able to access your information under the provisions of the Administrative Access Scheme or the Right to Information Act 2009 (Qld).

    Using another name

    We know some people may wish to use another name (alias) when receiving health services. However, this may prevent us from finding all the information we hold about you and providing appropriate care.

    Regardless of whether or not you use an alias, we will search our records and attempt to match and merge all records about you.

    Our privacy and confidentiality obligations

    All staff are bound by a strict legal duty of confidentiality under the Hospital and Health Boards Act 2011 (Qld).  It is an offence for our staff to give information about you to anyone except under limited circumstances set out in the Act.

    The Information Privacy Act 2009 (Qld) also imposes obligations on how we collect and handle your personal information.  We maintain strict security policies and practices with respect to who has access to personal information about you.

    If you have any questions about privacy and confidentiality within Metro North Health facilities, talk to the privacy and confidentiality contact officer at the hospital you are attending.

    When can my information be disclosed?

    There may be occasions when we need to use or disclose your personal information, such as where the following circumstances apply:

    • you (the individual) have consented
    • you would reasonably expect, or have been told, that information of that kind is usually passed to those individuals, bodies or agencies
    • it is otherwise required or authorised by law
    • it will prevent or lessen a serious and imminent threat to somebody’s life or health
    • it is reasonably necessary for the enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of public revenue.
    • broad epidemiological studies of disease and other medical research
    • ongoing medical treatment
    • collecting information about particular health conditions such as life threatening diseases and diseases with high public health risks
    • planning for health services
    • evaluation, managing, and monitoring of health services
    • health service investigations into quality of clinical care
    • funding and private health insurance matters such as billing and recovering debt in relation to services received
    • child protection, domestic violence, police investigations
    • providing access to IT service providers to test and maintain data systems
    • disciplinary matters for health practitioners
    • order or subpoena in relation to a court or legal matter
    • providing access to the Red Cross for blood tracing tissue and products.

    In some circumstances we are legally obliged to disclose information about you, such as:

    • if your records have been subpoenaed for a court case
    • collecting information about particular health conditions such as life-threatening diseases or diseases with high public health risks.

    We will ensure that any such disclosure is limited to only what is necessary. On occasion, information may be used for research that will help us to improve healthcare practices without your consent. All research involving patients must undergo ethics consideration and be authorised before it can be conducted.

    Register of Public Data Breach Notifications

    The Information Privacy Act 2009 (Qld) requires Metro North Health to publish a Notice in relation to an eligible data breach when it is not reasonably practicable to notify the individuals affected by the breach directly.

    Register of all public notifications made by Metro North from 1 July 2025:

    Data breach identifier Date of data breach Date Metro North became aware of breach Description of data breach Type of data breach
    Metro North Health has had no eligible data breaches since 1 July 2025

    Public reporting of data breaches or privacy concerns

    Members of the public can report suspected data breaches or raise concerns about how we have managed your personal information held by Metro North Health using the online enquiry form.

    Back to top