The main law that protects the privacy of your health information is the Commonwealth Privacy Act 1988, but there are also additional laws in each state and territory. In general, it is illegal for most employers and all health care services to share any identifiable information about your health without your permission.1

Confidentiality at health services

Your health practitioner should only collect your health information with your consent. This includes performing any tests, such as a blood test for hepatitis B or hepatitis C.2

If you are concerned about how a health service has handled your personal information, you can make a complaint. You can read more about making complaints about privacy of information in your state or territory on the Office of the Australian Information Commissioner (OAIC) website.

There are only a few cases where a health service can disclose your health information. These may include where there is serious risk to the life, health or safety of you or another person; where required by law; or where there is a public health risk.2

Hepatitis B and hepatitis C are also notifiable diseases. This means that your doctor must notify government health authorities that you have been diagnosed with hepatitis B or C. No information about you or your health will be made public. You can read more about notifiable diseases on the healthdirect website.

My Health Record

All Australians who did not opt out of My Health Record will have a record created. Information on your record may be accessible to other health care providers involved in your care, including information about your hepatitis status.

You can control who has access to information on your record. You can also choose to cancel your record at any time. For more information about how to access and control your record, visit the My Health Record site.3

Confidentiality in the workplace

Employers cannot tell other people that you have hepatitis B or C without your permission. Many organisations are bound by the Privacy Act or similar legislation, but even if they are not, they have contractual obligations to maintain confidentiality in an employment relationship.4 That being said, it can be difficult to get a satisfactory outcome if your employer has breached your confidentiality, so you should think carefully before you decide to tell them.

If you feel that your employer has breached your confidentiality, you can contact one of these organisations for advice:


  1. Privacy Act 1988. (2019, August 13). Australia: Federal Register of Legislation.

  2. (n.d.). Guide to Australian HIV Laws and Policies for Healthcare Professionals. Retrieved from ASHM:

  3. Australian Digital Health Agency. (n.d) For you & your family. Retrieved from My Health Record:

  4. Australian Human Rights Commission. (2010). 2010 Workers with Mental Illness: a Practical Guide for Managers - Appendix A: Knowing the Law. Retrieved from Australian Human Rights Commission:  

Page updated: 9 April 2020