Go to top of page


The Administrator’s Data Privacy, Secrecy and Security Policy outlines the approach to the collection, use, storage, disclosure and destruction of data received by us or the Administrator. This policy ensures the collection and use of data is in line with the Australian Privacy Principles, and the secrecy and patient confidentiality provisions in the NHR Act and other statutory protections.

Our organisation and the Administrator must handle ‘personal information’ in accordance with the requirements imposed by the Privacy Act 1988. Data held by us or the Administrator is considered ‘personal information’ if it relates to an individual whose identity is apparent or reasonably identifiable.

The Administrator’s policy outlines protocols to ensure we, or the Administrator, receive identifiable information. The policy also outlines protocols for instances where information received by either party may become identifiable, and therefore caught by relevant privacy provisions. The protocols include advising the data steward of the instance, precluding officers from disclosing information, and disposing of records securely.

Review of the Data Privacy, Secrecy and Security Policy

We commissioned a number of reviews of the Data Privacy, Secrecy and Security Policy. As a result, we are developing a data management framework, and strategy and implementation plan that will be completed in consultation with stakeholders through the Administrator’s JAC.

Information publication scheme

The Freedom of Information Act 1982 (FOI Act) gives members of the public a right to access copies of documents, other than exempt documents that we hold.

Agencies subject to the FOI Act are required to publish information to the public as part of the Information Publication Scheme.

In 2017–18, we received three FOI requests.

We publish FOI information on our website at: nhfb.gov.au/contact‑us/ freedom‑of‑information.