Health Records

Purpose of this policy

To ensure schools keep medical records confidential.


Parents/carers or adult/independent students provide health care information:

  • at enrolment or transition
  • at least annually thereafter.

Principals must ensure that:

  • roles and responsibilities for health records management are outlined ensuring effective record keeping and that respectful and confidential communication between family, health professionals and the school occurs
  • staff who receive or to have access to confidential information, both verbal or written, understand their responsibility to keep this information confidential.

Schools must apply information privacy principles when collecting, using, retaining or disposing of personal or health information.

Responsibilities for providing health care information

This table describes the responsibilities for providing and gathering health care information.



Parents/ guardians

  • Ensure the school has relevant health care information about their child.
  • May choose to limit the release of information about chronically ill or critically injured students.


  • Exercise sensitivity to the family’s needs.
  • If parents/carers or adult/independent students wish to limit the release of information, the school must inform them:
    - of the school’s need to be aware of the student health conditions and first aid requirements so that plans for support can be put in place
    - how their personal and health information is protected.
  • Subject to consent from the parent/carer provide assistance by providing observations (not interpretations of behaviour) of the student’s behaviour, which can then be used to assist the student’s medical/health practitioner in monitoring and planning their health care.

Health professionals

  • Can give general information about processes involved in an illness or recovery from an injury, as this information is freely available
  • Must not divulge a student’s personal information unless:
    - parent/guardian consent is provided
    - they are legally obliged to, or
    - an exemption clause in privacy legislation applies.

Note: If seeking to invoke an exemption clause contact the Department's FOI and Privacy Unit for advice, see:  Department resources


Confidentiality refers to the protected status of information provided on the understanding that it will not be accessible to other people without the approval of parents/guardians or if appropriate the student.

Confidentiality is guarded by:

  • ensuring records are secure, for example in a locked filing cabinet
  • preserving confidentiality when handling written or oral information
  • conducting personal interviews in a private environment
  • training staff in information handling procedures
  • monitoring access to databases and systems that contain personal and health information
  • periodically reviewing:
    • appropriate access levels to databases and systems
    • data security arrangements.

Breaches of privacy

If information has been inadvertently disclosed a range of steps need to be taken to manage the issue. Contact the Department's FOI and Privacy Unit for advice see: Department resources

Related policies

Related legislation

  • Health Records Act 2001
  • Information Privacy Act 2000

Department resource