When we collect personal information from you we will:

  • only collect information we need to carry out the functions of the Health Complaints Commissioner under the Health Complaints Act 2016 (Vic) and the Health Records Act 2001 (Vic)
  • ensure you know why we are collecting the information and how we will use the information
  • use and disclose your information only in accordance with the primary purpose or a directly related secondary purpose that you would expect. If we use the information for another purpose, we will ask your permission first (unless we are authorised by law to use the information as required)
  • store your information securely and protect it from unauthorised access
  • retain your information for the period authorised by the Public Records Act 1973 (Vic)
  • give you access to your own information, and ensure you can request corrections to the information.

Personal and health information held by the HCC

You can access and browse our website without disclosing personal information. We will only record your email address, contact details and other personal information if you:

  • send us a message or communicate with our office
  • make a complaint or enquiry including these details
  • make a request under the FOI Act
  • register for or enquire about our education programs.

We may use de-identified personal and health information in our Annual Report and education programs.

Complaint Handling

The personal and health information we collect mostly relates to considering and, where appropriate, resolving or investigating complaints under the Health Complaints Act (HCA) or the Health Records Act (HRA). We will only collect the personal and health information that is necessary to perform these functions. We will ensure any personal and health information you provide will not be disclosed, except when this is consistent with the HCA, HRA, the provisions in the PDPA or any other law.

If you make a complaint to us, that complaint may be forwarded on to another body for appropriate action, including to the organisation that is the subject of the complaint. We may forward your complaint on as part of our investigation or complaint resolution processes, or if the law requires us to do so. If you make a complaint and do not wish your identity to be disclosed (to anyone, or to a specific person or body), you should let us know. All requests for anonymity will be considered. But note that if you ask to be anonymous, we may be unable to resolve or investigate your complaint. By law, we are required to notify the Australian Health Practitioner Regulation Agency (Ahpra) of all complaints involving registered health practitioners and to share a copy of the complaint with Ahpra.

Education programs

We provide educational programs and we collect personal information as part of this process. If you register for or enquire about our education programs, your information may be provided to the individuals or organisations responsible for organising and delivering these programs.

Collection notice

We usually collect personal and health information from you, or from your authorised representative, to help us carry out our functions or activities under the HCA, HRA and other laws. When collecting personal and health information we take reasonable steps to advise you of the information we are seeking and how we will use it. We sometimes collect personal and health information from other people/organisations under specific provisions in the HRA and the HCA.

Staff confidentiality

Our staff are legally obliged to maintain confidentiality of information gained in the course of their employment under s.90 of the HRA and ss 150 – 152 of the HCA. Staff are also subject to the Victorian Public Service Code of Conduct for special bodies.

Data quality and security

We have technology and security policies, rules and measures to protect the personal information we have under our control from unauthorised access, improper use, alteration, unlawful or accidental destruction and accidental loss.

We use a number of procedural, physical and hardware safeguards, together with access controls and back-up systems, to protect information from misuse and loss, unauthorised access, modification and disclosure.

But you should be aware that there are risks in sending information online. While we try to protect this information, we cannot ensure the security of any information sent to us online and individuals do so at their own risk. If you are concerned about sending sensitive material to us over the internet, contact us.

Access and correction

We take reasonable steps to make sure the information we hold is accurate, complete, up-to-date and relevant to our functions and activities by checking information with individuals and organisations at relevant points in the progress of a complaint, investigation or other process. We also rely on you to let us know when your contact details have changed.

The Freedom of Information Act 1982 (FOI Act) provides an individual person the right to request access to documents held by the HCC. This right of access is subject to limited exemptions.

The object of the FOI Act is to extend as far as possible the right of the community to access information in the possession of the Government and other entities constituted under the law of Victoria.

You have a legal right to request access or correction of your personal information held by us under the Freedom of Information Act 1982 (FOI Act). A request must be made in writing and clearly describe the documents you are seeking access to. Once we understand what documents you are seeking, we will process your request and provide you with a decision within the statutory timeframe, being 30 days after the date of your request, or up to 45 days if consultation with third parties is required.

You need to include the application fee or provide evidence of financial hardship (such as a Centrelink concession card) if you are asking for a fee waiver. Further access charges may apply where documents are released under the FOI Act, unless hardship applies. Refer to our Freedom of Information page for details.

In many instances, we will be able to provide you with the information you are seeking without requiring you to make a formal request for access. Consider contacting us at [email protected] to let us know what documents or information you are seeking. This may assist us to consider whether we can informally release the documents to you without the need for a formal FOI request.

Requests under the FOI Act should be:

  • emailed to [email protected] if a waiver is sought for hardship. Copies of documents in support of the waiver request should also be provided; or
  • mailed to us by registered post to the following address: FOI Officer, Health Complaints Commissioner , Level 26, 570 Bourke Street, Melbourne, Vic 3000  along with a cheque or money order made out to ‘Health Complaints Commissioner’ for the application fee. (Online requests with electronic payment are not available).

Please describe what documents you are requesting access to, and please try to be clear and specific about the documents you are seeking. If you are requesting your personal information, you should provide evidence of your identity (e.g. a certified copy of your current driver’s licence or other photographic identification).

For further information about making an FOI request, visit the Office of the Victorian Information Commissioner.

Unique identifiers

We will not assign – or adopt from another organisation – unique identifiers for an individual, and we will not ask for unique identifiers unless it is necessary for complaint handling or required by law. Each complaint we receive is given its own record number.

Retention and destruction of personal and health information

We retain and destroy records according to the requirements of the Public Records Act. Destruction of personal and health information takes place by way of a secure destruction process.

Trans-border data flows

Generally, we will not send personal health information outside Victoria without obtaining your consent or as required by law. In the case of prohibition orders about non-registered practitioners, we may send information to other states and territories as part of a national mutual recognition scheme.

Complaints about how we have handled your information

If you are concerned about how the HCC has handled information about you then you can complain to us by using our enquiry form or in writing. 

If the matter is not resolved and the information about you does not include your health information, you can complain to the Office of the Victorian Information Commissioner.

If the matter is not resolved and the information about you does not include your health information, we will inform you about your options, which may include referral to VCAT.