Patients are entitled to access their health records, except for a limited number of important exceptions outlined under Australian Privacy Principle (APP) 12, for example, if the request for access is frivolous or vexatious or the record-keeper is required or authorised to refuse that access by law. The details regarding access to records differs depending on the context in which they were created and the holder of those records.
Individuals contacted through contact tracing processes, either as an index case (original person identified with HIV) or a subsequent contact, are not entitled to any information relating to their contact’s identity, behaviour or diagnosis without that person’s consent, even if that information is in the patient’s records. Should a patient wish to access their own records in this context, however, details of the identity of any contacts contained in their records must be redacted to protect that person’s privacy, unless consent from the third party has been obtained (see, S54(2)(a) of the Government Information (Public Access) Act 2009 No 52 (NSW) and generally AJD v Royal Prince Alfred Hospital [2014] NSWCATAD 125; (2 September 2014)).