NSW Health Pathol­o­gy and has imple­ment­ed mea­sures to com­ply with its oblig­a­tions under pri­va­cy laws.

Gen­er­al infor­ma­tion about the pri­va­cy of patient infor­ma­tion can be found on the NSW Health web­site.  

Access to your pathology test results 

You have a legal­ly enforce­able right to access your per­son­al infor­ma­tion, includ­ing health infor­ma­tion. You are also able to con­sent to an autho­rised rep­re­sen­ta­tive or third par­ty receiv­ing the infor­ma­tion on your behalf.

You may access your pathol­o­gy test results in a num­ber of dif­fer­ent ways, includ­ing by con­tact­ing the med­ical prac­ti­tion­er who referred you for the test, or through your indi­vid­ual My Health Record. 

Alter­na­tive­ly, you can apply for access to results of pathol­o­gy tests con­duct­ed by NSW Health Pathol­o­gy by pro­vid­ing a com­plet­ed Patient Dec­la­ra­tion and Con­sent Form and proof of iden­ti­ty (e.g. cur­rent Aus­tralian driver’s licence or pass­port or two oth­er forms of iden­ti­fi­ca­tion that include sig­na­ture and cur­rent address details):

You can sub­mit this form by email to [email protected] or by mail to:

The Pri­va­cy Con­tact Offi­cer
NSW Health Pathol­o­gy
PO Box 846
NEWCASTLE NSW 2300 or

You can also apply over the tele­phone by call­ing the NSW Health Pathol­o­gy lab­o­ra­to­ry that con­duct­ed the test and pro­vid­ing proof of your identity. 

Access to a Coroners’ report or autopsy report

To obtain a copy of a coro­nial autop­sy report, a request must be made in writ­ing to the Coro­ner. Fur­ther infor­ma­tion is avail­able on the Coro­ners Court web­site

To obtain a copy of a non-coro­nial (i.e. hos­pi­tal) autop­sy report, a request should be made to the deceased person’s med­ical prac­ti­tion­er or the med­ical records depart­ment of the rel­e­vant hospital.

Access to personal information other than test results

If you wish to access your per­son­al health infor­ma­tion held by oth­er NSW Health facil­i­ties (e.g. hos­pi­tal admis­sion or dis­charge notes, refer­ral let­ters, oper­a­tion reports, radi­ol­o­gy reports) you will need to apply to the med­ical records depart­ment or man­ag­er of the health facil­i­ty you attended. 

Access to per­son­al infor­ma­tion held by NSW Health Pathol­o­gy oth­er than pathol­o­gy test results can be obtained by mak­ing a writ­ten appli­ca­tion to NSW Health Pathology’s Pri­va­cy Con­tact Offi­cer at PO Box 846, New­cas­tle NSW 2300 or by email to  [email protected]

You will be required to pro­vide proof of your iden­ti­ty, and may be required to pay a fee in accor­dance with the NSW Health – Health Records and Medical/Clinical Reports Charg­ing Pol­i­cy. We will aim to process your appli­ca­tion with­in 28 days of receipt. Some­times unavoid­able sit­u­a­tions may cause a delay. 

Access to your per­son­al infor­ma­tion may be declined in spe­cial cir­cum­stances, such as where pro­vid­ing access would expose you or anoth­er per­son to a risk of harm.

Release of information that is not personal health information

If you wish to apply for access to gov­ern­ment infor­ma­tion under the Gov­ern­ment Infor­ma­tion (Pub­lic Access) Act 2009 (GIPA Act), please refer to our Infor­ma­tion Guide

Privacy complaints 

The PPIP Act pro­vides a frame­work for resolv­ing com­plaints con­cern­ing the han­dling of per­son­al and/or health infor­ma­tion of indi­vid­u­als by gov­ern­ment agen­cies. The NSW Health Pri­va­cy Inter­nal Review Guide­lines out­line the process that is fol­lowed when a per­son wish­es to seek a review of cer­tain con­duct of NSW Health Pathol­o­gy regard­ing alleged breach­es of either the PPIP or HRIP Acts.

A request for an inter­nal review can be made where it is alleged that NSW Health Pathol­o­gy has:

  • Breached any of the Health Pri­va­cy Prin­ci­ples (HPP’s) that apply to the agency under the HRIP Act, or
  • Breached any of the Infor­ma­tion Pro­tec­tion Prin­ci­ples (IPP’s) that apply to the agency under the PPIP Act, or
  • Breached any code or direc­tion made under either Acts apply­ing to the agency, or
  • Dis­closed infor­ma­tion on a pub­lic reg­is­ter except in accor­dance with sec­tion 57 (PPIP Act only).

If you have a con­cern relat­ing to your pri­va­cy and you believe that NSW Health Pathol­o­gy has con­tra­vened an IPP or HPP, you may wish to request an inter­nal review to be under­tak­en by the Pri­va­cy Con­tract Officer.

For fur­ther infor­ma­tion on how to apply for an inter­nal review please con­tact [email protected] or refer to the Infor­ma­tion and Pri­va­cy Com­mis­sion NSW website.

If you are dis­sat­is­fied with the out­come of the pri­va­cy inter­nal review you may lodge an appli­ca­tion with the NSW Civ­il and Admin­is­tra­tive Tri­bunal who can con­duct a review of how your pri­va­cy com­plaint was han­dled by NSW Health Pathology.

Privacy Management Annual Reports

All pub­lic sec­tor agen­cies, includ­ing NSW Health Pathol­o­gy, are required to meet annu­al report­ing oblig­a­tions regard­ing pri­va­cy mat­ters. NSW Health Pathol­o­gy reports are pub­lished on our Infor­ma­tion Guide page. 

Use of website and Digital Tools

NSW Health Pathol­o­gy col­lects infor­ma­tion from users through their inter­ac­tion with our web­sites and tech­nol­o­gy tools. Any of our web­sites, apps, soft­ware, servers, social media plat­forms, cloud stor­age and devices are col­lec­tive­ly and sev­er­al­ly known as our Dig­i­tal Tools for this Pri­va­cy State­ment. This Pri­va­cy State­ment applies to all the inter­ac­tions NSW Health Pathol­o­gy has with you and our Dig­i­tal Tools.

A num­ber of our Dig­i­tal Tools con­tain links to exter­nal web­sites to pro­vide con­tent rel­e­vant to your use. When you open a link to an exter­nal web­site, you will leave our Dig­i­tal Tool. This pri­va­cy state­ment does not cov­er the pri­va­cy prac­tices, the use of cook­ies and track­ing tech­nolo­gies or the con­tent of these exter­nal­ly linked web­sites. There­fore, you should refer to the spe­cif­ic pri­va­cy poli­cies which may be dis­played on each exter­nal website.

As a user of our Dig­i­tal Tools, you are enti­tled to expect that any infor­ma­tion gen­er­at­ed because of your use will be treat­ed with­in the terms of the NSW Government’s pri­va­cy respon­si­bil­i­ties and oblig­a­tions. The NSW Government’s pri­va­cy prac­tices are reg­u­lat­ed by the Pri­va­cy and Per­son­al Infor­ma­tion Pro­tec­tion Act 1998 and the Health Records and Infor­ma­tion Pri­va­cy Act 2002.

What infor­ma­tion do we collect?

When you access our Dig­i­tal Tools, we auto­mat­i­cal­ly record infor­ma­tion about your inter­ac­tion with and use of our Dig­i­tal Tools. We col­lect dif­fer­ent types of infor­ma­tion depend­ing on the nature of the inter­ac­tion with you from a num­ber of dif­fer­ent sources includ­ing direct­ly from you and through your use of our Dig­i­tal Tools. For exam­ple, if you down­load and use an app, we will col­lect per­son­al infor­ma­tion to ver­i­fy your iden­ti­ty, and allow you the oppor­tu­ni­ty to use the app ser­vice. Oth­er exam­ples of infor­ma­tion we may col­lect include:

  • The IP (Inter­net Pro­to­col) address of the machine which has accessed it;
  • Your top-lev­el domain name;
  • The address of your server;
  • The date and time of your vis­it to the web­site or use of the app;
  • The pages, patient records or infor­ma­tion that you accessed through our Dig­i­tal Tools, and the doc­u­ments downloaded;
  • The pre­vi­ous web­site vis­it­ed; and
  • The type of brows­er and oper­at­ing sys­tem you have used.

How is the infor­ma­tion used?

The infor­ma­tion we col­lect is aggre­gat­ed with sim­i­lar logged infor­ma­tion and pub­lished in reports for us to iden­ti­fy pat­terns of usage of our Dig­i­tal Tools. This will assist us in improv­ing our Dig­i­tal Tools. We will also use the infor­ma­tion to oper­ate our busi­ness, which includes analysing our per­for­mance and meet­ing our legal oblig­a­tions and accred­i­ta­tion require­ments. We will not dis­close or pub­lish infor­ma­tion that iden­ti­fies indi­vid­ual machines, or poten­tial­ly iden­ti­fies sub-group­ings of address­es, with­out con­sent or oth­er­wise in accor­dance with the Pri­va­cy and Per­son­al Infor­ma­tion Pro­tec­tion Act 1998.

What excep­tions are there to this rule?

We will col­lect, use and dis­close more exten­sive infor­ma­tion than stat­ed above in the fol­low­ing circumstances:

  • Unau­tho­rised attempts to access files which are not pub­lished NSW Health Pathol­o­gy web pages;
  • Unau­tho­rised tam­per­ing or inter­fer­ence with files pub­lished on the NSW Health Pathol­o­gy web­sites or relat­ing to our Dig­i­tal Tools;
  • Unau­tho­rised attempts to index the con­tents of our apps or web­sites by oth­er sites;
  • Attempts to inter­cept mes­sages of oth­er users of our Dig­i­tal Tools;
  • Com­mu­ni­ca­tions which are defam­a­to­ry, abu­sive, vil­i­fy indi­vid­u­als or groups or which give rise to a sus­pi­cion that an offence is being com­mit­ted; and
  • Attempts to oth­er­wise com­pro­mise the secu­ri­ty of the web serv­er, breach the laws of the State of NSW or Com­mon­wealth of Aus­tralia, or inter­fere with the enjoy­ment of our Dig­i­tal Tools by oth­er users.

We reserve the right to make dis­clo­sures to rel­e­vant author­i­ties where the use of our Dig­i­tal Tools rais­es a sus­pi­cion that an offence is being, or has been, com­mit­ted. In the event of an inves­ti­ga­tion, we will pro­vide access to infor­ma­tion to any law enforce­ment agency or reg­u­la­to­ry agency that may exer­cise a war­rant to access this information.

In addi­tion, infor­ma­tion may be used and dis­closed for pub­lic health pur­pos­es and per­son­al infor­ma­tion may also be dis­closed to third par­ties where required by law or oth­er­wise law­ful­ly authorised.

Is the infor­ma­tion stored securely?

The infor­ma­tion we col­lect is stored in an appro­pri­ate­ly secure for­mat and held by NSW Health Pathol­o­gy for record keep­ing pur­pos­es. When the infor­ma­tion is no longer required, and its reten­tion peri­od has expired, it will be dis­posed of appro­pri­ate­ly. Strong data encryp­tion mech­a­nisms may also be used to pro­tect your per­son­al infor­ma­tion dur­ing trans­mis­sion and whilst your infor­ma­tion is stored.

What will we do with information provided in feedback or enquiry forms?

NSW Health Pathol­o­gy pro­vides a feed­back facil­i­ty on its web­site to allow users to pro­vide input into the future devel­op­ment of the site and to com­ment on the pro­vi­sion of ser­vices by NSW Health Pathology.

NSW Health Pathol­o­gy col­lects and holds per­son­al and health infor­ma­tion pro­vid­ed via the feed­back facil­i­ty for the pur­pose of respond­ing to and man­ag­ing your feed­back. The pro­vi­sion of per­son­al and health infor­ma­tion via the feed­back facil­i­ty is option­al. Your infor­ma­tion will not be used to add your email address or name to any mail­ing list.

NSW Health Pathol­o­gy may share feed­back that relates to an enti­ty with­in the NSW pub­lic health sys­tem with the rel­e­vant enti­ty for the pur­pose of respond­ing to your feed­back. A response to your feed­back may be pro­vid­ed direct­ly by the enti­ty iden­ti­fied. NSW Health Pathol­o­gy will not oth­er­wise dis­close your per­son­al or health infor­ma­tion with­out your con­sent, unless we are autho­rised or required to by law. NSW Health Pathol­o­gy may pub­lish aggre­gat­ed infor­ma­tion about feed­back on its web­site, to the extent that it does not iden­ti­fy or can­not be used to iden­ti­fy indi­vid­ual users. For fur­ther infor­ma­tion please refer to NSW Health Patient Privacy.

Data breach public notification register

Under the Pri­va­cy and Per­son­al Infor­ma­tion Pro­tec­tion Act 1998 (the PPIP Act), NSW Health Pathol­o­gy is required to main­tain a data breach pub­lic noti­fi­ca­tion reg­is­ter. When a pri­va­cy breach cre­ates a seri­ous risk of harm, NSW Health Pathol­o­gy is required to noti­fy the pub­lic and the indi­vid­u­als impact­ed by the breach.

When noti­fy­ing indi­vid­u­als is not pos­si­ble, or there is poten­tial that our noti­fi­ca­tion won’t cov­er every­one impact­ed by the breach, the inci­dent is record­ed on the fol­low­ing data breach pub­lic noti­fi­ca­tion reg­is­ter for 12 months:

There are cur­rent­ly no eli­gi­ble data breach­es to report.

More information 

For fur­ther details on how NSW Health Pathol­o­gy pro­tects your pri­va­cy and per­son­al infor­ma­tion, con­tact NSW Health Pathology’s Pri­va­cy Con­tact Offi­cer at PO Box 846, New­cas­tle NSW 2300 or [email protected].