ALZ v WorkCover NSW

[2014] NSWCATAD 49

NCAT Administrative and Equal Opportunity|2014-04-24

View original source

At a glance

Source facts

Court

NCAT Administrative and Equal Opportunity

Decision date

2014-04-24

Catchwords

133003

Source

Original judgment source is linked above.

Catchwords

133003

Judgment (36 paragraphs)

[1]

reasons for decision 1This matter was commenced in the General Division of the Administrative Decisions Tribunal ("the ADT") pursuant to the Administrative Decision Tribunal Act 1997 ("the ADT Act"). On 1 January 2014, the ADT was abolished and its functions were taken over by the Civil and Administrative Tribunal of New South Wales ('NCAT'). The present decision is therefore a decision of NCAT. However, because the proceedings to which it relates are 'part heard proceedings' as defined in clause 6(1) of Schedule 1 of the Civil and Administrative Tribunal Act 2013, they are to be determined as if that Act had not been enacted (see clause 7(3)(b) of this Schedule). 2In these reasons the names of private individuals have been anonymised so as to preserve the privacy of their personal affairs. The Applicant is referred to as ALZ. 3These two matters relate to a complaint by the Applicant regarding the collection, use, storage, disclosure, access and accuracy of her health information. She alleged that the Respondent's conduct in regard to the information was in breach of several the Health Privacy Principles ("HPPs"), set out in Health Records and information Privacy Act 2002 ("HRIP Act"). At relevant times the Applicant was employed by a local council ("the Council"). 4The conduct concerns a medical report dated 10 November 2011 ("the medical report") by a psychiatrist, Dr Prabal Kar. The medical report was prepared in relation to a workers compensation claim brought by the Applicant against the Council. The workers compensation insurer which covered the Council for workers compensation claims was StateCover Mutual Limited ("StateCover"). StateCover and the Council were responsible for processing and managing the Applicant's workers compensation claim. The Respondent obtained a copy of the medical report from the Council. 5The Applicant lodged two applications for internal review of the Respondent's conduct relating to the medical report. The first application requested a review of the conduct related to the collection of the medical report from the Council. The second application requested a review of conduct related to the use, storage, disclosure, and access and accuracy of the medical report. 6The Respondent's Privacy Officer conducted both internal reviews, and made determinations in each of them that no breach of the HPPs was established. The Tribunal may review the conduct that was the subject of the application for internal review. 7The Applicant subsequently lodged two Applications in the Tribunal, seeking review of the Respondent's conduct in regard to the medical report (matter numbers 123291 and 133003). Although the Applications deal with different HPPs, they concern the same conduct. 8The Tribunal's jurisdiction is limited to reviewing contraventions of the HPPs by a "public sector agency. It is not in dispute that the Respondent is a "public sector agency" as defined section 4(1) of the HRIP Act. The scope of the application to the Tribunal is limited to conduct that was the subject of the application for internal review to the Respondent. Matters which the Applicant raises which do not fall within that scope are outside the Tribunal's jurisdiction. 9The Respondent denies that its conduct contravened any of the HPPs. 10By agreement between the parties, the Applications are to be determined 'on the papers' with the benefit of written submissions by the parties but without the need for a hearing. The parties agreed that the issue of liability should be determined as a preliminary issue.

[2]

Background 11In August 2011 the Applicant was the subject of an allegation of falsifying time sheets in relation to her work with the Council. She met with her supervisor and her manager in relation to the issue and amendments were made to the timesheets to reflect the outcome of the meeting. 12The Applicant alleged that she was subsequently singled out for unfavourable treatment. She made a complaint of bullying against her supervisor and her manager under the Council's Occupational Health and Safety procedures. 13The Council's employee relations officer investigated the complaint. He made a draft finding that the Applicant hadn't been bullied and gave the Applicant the opportunity to respond to his draft finding. The Applicant provided a response. The Council's employee relations officer made a final finding that the Applicant hadn't been bullied but recommended an apology and that other action be taken. 14The Applicant was not happy with the outcome of the investigation. She phoned WorkCover to inquire about making a bullying complaint. She spoke to an inspector. Her complaint was allocated to Inspector Mick Dall. 15The Applicant's complaint was that she had been subjected to bullying directed towards her in the course of her employment with the Council. 16In September 2011 Inspector Dall conducted an investigation under the Occupational Health and Safety Act 2000 ("OHS Act") in regard to whether breaches of the OHS Act had occurred. As part of the investigation he spoke with representatives of the Council, including its employee relations officer. Inspector Dall did not contact the Applicant at that time. In October 2011 the Applicant arranged to provide Inspector Dall with the details of her complaint. Inspector Dall received and considered documents from both the Council and the Applicant. 17The OHS Act was replaced by the Work Health and Safety Act 2011 on 1 January 2012. Comparable powers are available under the Work Health and Safety Act 2011 to those exercised by Inspector Dall. 18Also in October 2011 the Applicant went on sick leave and lodged a workers compensation claim. She was diagnosed as suffering from anxiety and depression. 19In November 2011, StateCover required the Applicant to attend an appointment with Dr Kar. The purpose of the appointment was to determine the liability of the Applicant's claim. The medical report, prepared by Dr Kar, was unfavourable to the Applicant. StateCover declined the Applicant's workers compensation claim in December 2011. 20In November 2011, the Applicant was disciplined for alleged rudeness. The disciplinary process was a documented informal verbal discussion ("DIVD"). 21Inspector Dall subsequently met with the Applicant's manager, the Council's employee relations officer, and the Council's human resources manager. Inspector Dall was given a copy of the DIVD but the Applicant contends that the copy provided did not contain her point of view. The Applicant contends that Inspector Dall did not advise her that he had been given a copy of the DIVD nor was she given an opportunity to respond. 22During the course of a meeting with representatives of the Council on 6 December 2011 Inspector Dall obtained information that the Applicant had made a workers compensation claim. Inspector Dall was also informed that StateCover had had regard to the medical report. 23On 7 December 2011, Inspector Dall notified the Applicant that the investigation was completed and he had formed the view that no breach of the OHS Act was made out. Inspector Dall did not tell the Applicant that he was awaiting further material at that time. 24The following week, Inspector Dall told the Council's return to work officer that the medical report was relevant to his investigation and made an oral request for a copy of the medical report. Inspector Dall made that request under section 59 of the OHS Act, which permits an inspector to make an oral demand for documents or information relating to an investigation under the OHS Act. Inspector Dall also advised the Council's return to work officer that if she did not provide the medical report to him, he would issue a formal notice under section 62 of the OHS Act which would compel the Council to provide the medical report. 25On 15 December 2011, the Council's return to work officer provided Inspector Dall with a copy of the medical report. Inspector Dall considered the report as part of his investigation. Inspector Dall subsequently prepared a report, dated 19 January 2012, on the Respondent's investigations database known as the "Workplace Services Management System" ("WSMS"). Inspector Dall concluded that no breach of the OHS Act was established, and recommended that no further action be taken in the matter. 26Mr Paul Irwin, the Respondent's District Coordinator, subsequently confirmed Inspector Dall's conclusion. Mr Irwin considered the medical report in his review. 27In January 2012 the Applicant applied to the Respondent under the Government Information (Public Access) Act 2009 ("the GIPA Act") for access to the documents pertaining to Inspector Dall's investigation. The documents were provided to the Applicant in March 2012. 28The documents released under the GIPA Act revealed that Inspector Dall had quoted a paragraph directly from the psychiatric report in support of his findings. 29The Applicant was upset that Inspector Dall had used the medical report in this way. She believed that her health privacy had been violated and requested an explanation for, and an internal review of, the alleged breach. 30She believed that the Respondent had contravened several of the Health Privacy Principles ("HPPs") set out in the HRIP Act. She alleges contraventions of HPPs 1, 3, 4, 5, 6, 7, 9, 10 and 11. 31The Respondent's contends that it did not contravene any of the HPPs identified by the Applicant.

[3]

Applicable legislation 32The term "personal information" is defined in section 5 of the HRIP Act as: 5 Definition of "personal information" (1)In this Act, "personal information" means information or an opinion (including information or an opinion forming part of a database and whether or not recorded in a material form) about an individual whose identity is apparent or can reasonably be ascertained from the information or opinion. (2) Personal information includes such things as an individual's fingerprints, retina prints, body samples or genetic characteristics. (3)Personal information does not include any of the following: ... (m)information or an opinion about an individual's suitability for appointment or employment as a public sector official, ... 33The term "health information" is defined in section 6 of the HRIP Act as: "health information" means: (a)personal information that is information or an opinion about: (i) the physical or mental health or a disability (at any time) of an individual, or but does not include health information, or a class of health information or health information contained in a class of documents, that is prescribed as exempt health information for the purposes of this Act generally or for the purposes of specified provisions of this Act. 34The relevant HPPs are set out in Schedule 1 to the HRIP Act as follows: SCHEDULE 1 - Health Privacy Principles ... 1 Purposes of collection of health information (1)An organisation must not collect health information unless: (a)the information is collected for a lawful purpose that is directly related to a function or activity of the organisation, and (b)the collection of the information is reasonably necessary for that purpose. (2)An organisation must not collect health information by any unlawful means. ... 3 Collection to be from individual concerned (1)An organisation must collect health information about an individual only from that individual, unless it is unreasonable or impracticable to do so. (2)Health information is to be collected in accordance with any guidelines issued by the Privacy Commissioner for the purposes of this clause. 4 Individual to be made aware of certain matters (1)An organisation that collects health information about an individual from the individual must, at or before the time that it collects the information (or if that is not practicable, as soon as practicable after that time), take steps that are reasonable in the circumstances to ensure that the individual is aware of the following: (a) the identity of the organisation and how to contact it, (b)the fact that the individual is able to request access to the information, (c)the purposes for which the information is collected, (d)the persons to whom (or the types of persons to whom) the organisation usually discloses information of that kind, (e)any law that requires the particular information to be collected, (f)the main consequences (if any) for the individual if all or part of the information is not provided. (2)If an organisation collects health information about an individual from someone else, it must take any steps that are reasonable in the circumstances to ensure that the individual is generally aware of the matters listed in subclause (1) except to the extent that: (a)making the individual aware of the matters would pose a serious threat to the life or health of any individual, or (b)the collection is made in accordance with guidelines issued under subclause (3). (3)The Privacy Commissioner may issue guidelines setting out circumstances in which an organisation is not required to comply with subclause (2). (4)An organisation is not required to comply with a requirement of this clause if: (a)the individual to whom the information relates has expressly consented to the organisation not complying with it, or (b)the organisation is lawfully authorised or required not to comply with it, or (c)non-compliance is otherwise permitted (or is necessarily implied or reasonably contemplated) under an Act or any other law (including the State Records Act 1998 ), or (d)compliance by the organisation would, in the circumstances, prejudice the interests of the individual to whom the information relates, or (e)the information concerned is collected for law enforcement purposes, or (f)the organisation is an investigative agency and compliance might detrimentally affect (or prevent the proper exercise of) its complaint handling functions or any of its investigative functions. (5)If the organisation reasonably believes that the individual is incapable of understanding the general nature of the matters listed in subclause (1), the organisation must take steps that are reasonable in the circumstances to ensure that any authorised representative of the individual is aware of those matters. (6)Subclause (4) (e) does not remove any protection provided by any other law in relation to the rights of accused persons or persons suspected of having committed an offence. (7)The exemption provided by subclause (4) (f) extends to any public sector agency, or public sector official, who is investigating or otherwise handling a complaint or other matter that could be referred or made to an investigative agency, or that has been referred from or made by an investigative agency. 5 Retention and security (1)An organisation that holds health information must ensure that: (a)the information is kept for no longer than is necessary for the purposes for which the information may lawfully be used, and (b)the information is disposed of securely and in accordance with any requirements for the retention and disposal of health information, and (c)the information is protected, by taking such security safeguards as are reasonable in the circumstances, against loss, unauthorised access, use, modification or disclosure, and against all other misuse, and (d)if it is necessary for the information to be given to a person in connection with the provision of a service to the organisation, everything reasonably within the power of the organisation is done to prevent unauthorised use or disclosure of the information. Note: Division 2 (Retention of health information) of Part 4 contains provisions applicable to private sector persons in connection with the matters dealt with in this clause. (2)An organisation is not required to comply with a requirement of this clause if: (a)the organisation is lawfully authorised or required not to comply with it, or (b)non-compliance is otherwise permitted (or is necessarily implied or reasonably contemplated) under an Act or any other law (including the State Records Act 1998 ). (3)An investigative agency is not required to comply with subclause (1) (a). 6 Information about health information held by organisations (1)An organisation that holds health information must take such steps as are, in the circumstances, reasonable to enable any individual to ascertain: (a)whether the organisation holds health information, and (b)whether the organisation holds health information relating to that individual, and (c)if the organisation holds health information relating to that individual: (i)the nature of that information, and (ii)the main purposes for which the information is used, and (iii)that person's entitlement to request access to the information. (2)An organisation is not required to comply with a provision of this clause if: (a)the organisation is lawfully authorised or required not to comply with the provision concerned, or (b)non-compliance is otherwise permitted (or is necessarily implied or reasonably contemplated) under an Act or any other law (including the State Records Act 1998 ). 7 Access to health information (1)An organisation that holds health information must, at the request of the individual to whom the information relates and without excessive delay or expense, provide the individual with access to the information. Note: Division 3 (Access to health information) of Part 4 contains provisions applicable to private sector persons in connection with the matters dealt with in this clause. Access to health information held by public sector agencies may also be available under the Government Information (Public Access) Act 2009 or the State Records Act 1998 . (2)An organisation is not required to comply with a provision of this clause if: (a)the organisation is lawfully authorised or required not to comply with the provision concerned, or (b)non-compliance is otherwise permitted (or is necessarily implied or reasonably contemplated) under an Act or any other law (including the State Records Act 1998 ). ... 9 Accuracy An organisation that holds health information must not use the information without taking such steps as are reasonable in the circumstances to ensure that, having regard to the purpose for which the information is proposed to be used, the information is relevant, accurate, up to date, complete and not misleading. 10 Limits on use of health information (1)An organisation that holds health information must not use the information for a purpose (a "secondary purpose" ) other than the purpose (the "primary purpose" ) for which it was collected unless: (a)the individual to whom the information relates has consented to the use of the information for that secondary purpose, or (b)the secondary purpose is directly related to the primary purpose and the individual would reasonably expect the organisation to use the information for the secondary purpose, or Note: For example, if information is collected in order to provide a health service to the individual, the use of the information to provide a further health service to the individual is a secondary purpose directly related to the primary purpose. (c)the use of the information for the secondary purpose is reasonably believed by the organisation to be necessary to lessen or prevent: (i)a serious and imminent threat to the life, health or safety of the individual or another person, or (ii)a serious threat to public health or public safety, or (d)the use of the information for the secondary purpose is reasonably necessary for the funding, management, planning or evaluation of health services and: (i)either: a) that purpose cannot be served by the use of information that does not identify the individual or from which the individual's identity cannot reasonably be ascertained and it is impracticable for the organisation to seek the consent of the individual for the use, or b) reasonable steps are taken to de-identify the information, and (ii)if the information is in a form that could reasonably be expected to identify individuals, the information is not published in a generally available publication, and (iii)the use of the information is in accordance with guidelines, if any, issued by the Privacy Commissioner for the purposes of this paragraph, or (e)the use of the information for the secondary purpose is reasonably necessary for the training of employees of the organisation or persons working with the organisation and: (i)either: A) that purpose cannot be served by the use of information that does not identify the individual or from which the individual's identity cannot reasonably be ascertained and it is impracticable for the organisation to seek the consent of the individual for the use, or B) reasonable steps are taken to de-identify the information, and (ii)if the information could reasonably be expected to identify individuals, the information is not published in a generally available publication, and (iii)the use of the information is in accordance with guidelines, if any, issued by the Privacy Commissioner for the purposes of this paragraph, or (f)the use of the information for the secondary purpose is reasonably necessary for research, or the compilation or analysis of statistics, in the public interest and: (i)either: A) that purpose cannot be served by the use of information that does not identify the individual or from which the individual's identity cannot reasonably be ascertained and it is impracticable for the organisation to seek the consent of the individual for the use, or B) reasonable steps are taken to de-identify the information, and (ii)if the information could reasonably be expected to identify individuals, the information is not published in a generally available publication, and (iii)the use of the information is in accordance with guidelines, if any, issued by the Privacy Commissioner for the purposes of this paragraph, or (g)the use of the information for the secondary purpose is by a law enforcement agency (or such other person or organisation as may be prescribed by the regulations) for the purposes of ascertaining the whereabouts of an individual who has been reported to a police officer as a missing person, or (h)the organisation: (i)has reasonable grounds to suspect that: (A) unlawful activity has been or may be engaged in, or (B) a person has or may have engaged in conduct that may be unsatisfactory professional conduct or professional misconduct under the Health Practitioner Regulation National Law (NSW) , or (C) an employee of the organisation has or may have engaged in conduct that may be grounds for disciplinary action, and (ii)uses the health information as a necessary part of its investigation of the matter or in reporting its concerns to relevant persons or authorities, or (i)the use of the information for the secondary purpose is reasonably necessary for the exercise of law enforcement functions by law enforcement agencies in circumstances where there are reasonable grounds to believe that an offence may have been, or may be, committed, or (j)the use of the information for the secondary purpose is reasonably necessary for the exercise of complaint handling functions or investigative functions by investigative agencies, or (k) the use of the information for the secondary purpose is in the circumstances prescribed by the regulations for the purposes of this paragraph. (2)An organisation is not required to comply with a provision of this clause if: (a)the organisation is lawfully authorised or required not to comply with the provision concerned, or (b)non-compliance is otherwise permitted (or is necessarily implied or reasonably contemplated) under an Act or any other law (including the State Records Act 1998 ). (3)The Ombudsman's Office, Health Care Complaints Commission, Anti-Discrimination Board and Community Services Commission are not required to comply with a provision of this clause in relation to their complaint handling functions and their investigative, review and reporting functions. (4)Nothing in this clause prevents or restricts the disclosure of health information by a public sector agency: (a)to another public sector agency under the administration of the same Minister if the disclosure is for the purposes of informing that Minister about any matter within that administration, or (b)to any public sector agency under the administration of the Premier, if the disclosure is for the purposes of informing the Premier about any matter. (5)The exemption provided by subclause (1) (j) extends to any public sector agency, or public sector official, who is investigating or otherwise handling a complaint or other matter that could be referred or made to an investigative agency, or that has been referred from or made by an investigative agency. 11 Limits on disclosure of health information (1)An organisation that holds health information must not disclose the information for a purpose (a "secondary purpose" ) other than the purpose (the "primary purpose" ) for which it was collected unless: (a)the individual to whom the information relates has consented to the disclosure of the information for that secondary purpose, or (b)the secondary purpose is directly related to the primary purpose and the individual would reasonably expect the organisation to disclose the information for the secondary purpose, or Note: For example, if information is collected in order to provide a health service to the individual, the disclosure of the information to provide a further health service to the individual is a secondary purpose directly related to the primary purpose. (c)the disclosure of the information for the secondary purpose is reasonably believed by the organisation to be necessary to lessen or prevent: (i)a serious and imminent threat to the life, health or safety of the individual or another person, or (ii)a serious threat to public health or public safety, or (d)the disclosure of the information for the secondary purpose is reasonably necessary for the funding, management, planning or evaluation of health services and: (i)either: (A) that purpose cannot be served by the disclosure of information that does not identify the individual or from which the individual's identity cannot reasonably be ascertained and it is impracticable for the organisation to seek the consent of the individual for the disclosure, or (B) reasonable steps are taken to de-identify the information, and (ii)if the information could reasonably be expected to identify individuals, the information is not published in a generally available publication, and (iii)the disclosure of the information is in accordance with guidelines, if any, issued by the Privacy Commissioner for the purposes of this paragraph, or (e)the disclosure of the information for the secondary purpose is reasonably necessary for the training of employees of the organisation or persons working with the organisation and: (i)(i) either: (A) that purpose cannot be served by the disclosure of information that does not identify the individual or from which the individual's identity cannot reasonably be ascertained and it is impracticable for the organisation to seek the consent of the individual for the disclosure, or (B) reasonable steps are taken to de-identify the information, and (ii)if the information could reasonably be expected to identify the individual, the information is not made publicly available, and (iii)the disclosure of the information is in accordance with guidelines, if any, issued by the Privacy Commissioner for the purposes of this paragraph, or (f)the disclosure of the information for the secondary purpose is reasonably necessary for research, or the compilation or analysis of statistics, in the public interest and: (i)either: (A) that purpose cannot be served by the disclosure of information that does not identify the individual or from which the individual's identity cannot reasonably be ascertained and it is impracticable for the organisation to seek the consent of the individual for the disclosure, or (B) reasonable steps are taken to de-identify the information, and (ii) the disclosure will not be published in a form that identifies particular individuals or from which an individual's identity can reasonably be ascertained, and (iii)the disclosure of the information is in accordance with guidelines, if any, issued by the Privacy Commissioner for the purposes of this paragraph, or (g)the disclosure of the information for the secondary purpose is to provide the information to an immediate family member of the individual for compassionate reasons and: (i)the disclosure is limited to the extent reasonable for those compassionate reasons, and (ii)the individual is incapable of giving consent to the disclosure of the information, and (iii)the disclosure is not contrary to any wish expressed by the individual (and not withdrawn) of which the organisation was aware or could make itself aware by taking reasonable steps, and (iv)if the immediate family member is under the age of 18 years, the organisation reasonably believes that the family member has sufficient maturity in the circumstances to receive the information, or (h)the disclosure of the information for the secondary purpose is to a law enforcement agency (or such other person or organisation as may be prescribed by the regulations) for the purposes of ascertaining the whereabouts of an individual who has been reported to a police officer as a missing person, or (i)the organisation: (i)has reasonable grounds to suspect that: (A) unlawful activity has been or may be engaged in, or (B) a person has or may have engaged in conduct that may be unsatisfactory professional conduct or professional misconduct under the Health Practitioner Regulation National Law (NSW) , or (C) an employee of the organisation has or may have engaged in conduct that may be grounds for disciplinary action, and (ii)discloses the health information as a necessary part of its investigation of the matter or in reporting its concerns to relevant persons or authorities, or (j)the disclosure of the information for the secondary purpose is reasonably necessary for the exercise of law enforcement functions by law enforcement agencies in circumstances where there are reasonable grounds to believe that an offence may have been, or may be, committed, or (k)(k) the disclosure of the information for the secondary purpose is reasonably necessary for the exercise of complaint handling functions or investigative functions by investigative agencies, or (l)the disclosure of the information for the secondary purpose is in the circumstances prescribed by the regulations for the purposes of this paragraph. (2)An organisation is not required to comply with a provision of this clause if: (a)the organisation is lawfully authorised or required not to comply with the provision concerned, or (b)non-compliance is otherwise permitted (or is necessarily implied or reasonably contemplated) under an Act or any other law (including the State Records Act 1998 ), or (c)the organisation is an investigative agency disclosing information to another investigative agency. (3)The Ombudsman's Office, Health Care Complaints Commission, Anti-Discrimination Board and Community Services Commission are not required to comply with a provision of this clause in relation to their complaint handling functions and their investigative, review and reporting functions. (4)Nothing in this clause prevents or restricts the disclosure of health information by a public sector agency: (a)to another public sector agency under the administration of the same Minister if the disclosure is for the purposes of informing that Minister about any matter within that administration, or (b)to any public sector agency under the administration of the Premier, if the disclosure is for the purposes of informing the Premier about any matter. (5)If health information is disclosed in accordance with subclause (1), the person, body or organisation to whom it was disclosed must not use or disclose the information for a purpose other than the purpose for which the information was given to it. (6)The exemptions provided by subclauses (1) (k) and (2) extend to any public sector agency, or public sector official, who is investigating or otherwise handling a complaint or other matter that could be referred or made to an investigative agency, or that has been referred from or made by an investigative agency. 35At relevant times, section 59 of the OHS Act provided: 59 General powers available on entry For the purposes of this Act or the regulations, an inspector who enters premises under this Division may do any of the following: (a)make searches, inspections, examinations and tests (and take photographs and make video and audio recordings), (b)take for analysis a sample of any substance or thing which in the inspector's opinion may be, or may contain or be contaminated by, a substance (or a degradation product of a substance) that is a risk to health, (c)in the case of an inspector who is a medical practitioner, carry out medical examinations with the consent of the person proposed to be examined, (d)carry out biological tests in such manner and in such circumstances as may be prescribed by the regulations, (e)require any person in or about those premises to answer questions or otherwise furnish information, (f)require the occupier of those premises to provide the inspector with such assistance and facilities as is or are reasonably necessary to enable the inspector to exercise the inspector's functions, (g)require the production of and inspect any documents in or about those premises, (h)take copies of or extracts from any such documents, (i)exercise all other functions that are conferred by, or are reasonably necessary for the purposes of, this Act or the regulations. 36Section 62 of the OHS Act provides: 62 Power of inspectors to obtain information, documents and evidence (1)An inspector may, by notice in writing served on a person, require the person to do any one or more of the following things if the inspector has reasonable grounds to believe that the person is capable of giving information, producing documents or giving evidence in relation to a possible contravention of this Act or the regulations: (a)to give an inspector, in writing signed by the person (or, in the case of a body corporate, by a competent officer of the body corporate) and within the time and in the manner specified in the notice, any such information of which the person has knowledge, (b)to produce to an inspector, in accordance with the notice, any such documents, (c)to appear before an inspector at a time and place specified in the notice and give either orally or in writing any such evidence and produce any such documents. (2)A notice under this section must contain a warning that a failure to comply with the notice is an offence. (3)An inspector may inspect a document produced in response to a notice under this section and may make copies of, or take extracts from, the document. (4) An inspector may take possession and retain possession for as long as is necessary for the purposes of this Act, of a document produced in response to a notice under this section if the person otherwise entitled to possession of the document is supplied, as soon as practicable, with a copy certified by an inspector to be a true copy. (4)A certified copy provided under subsection (4) is receivable in all courts as if it were the original. (5)Until a certified copy of a document is provided under subsection (4), the inspector who has possession of the document must, at such times and places as the inspector thinks appropriate, permit the person otherwise entitled to possession of the document, or a person authorised by that person, to inspect the document and make copies of, or take extracts from, the document. 37The Applicant contends that, while the OHS Act gives a WorkCover inspector the power to require the production of documents if the inspector believes the documents relate to a contravention of the OHS Act, and while health information may be contained in a document, the health information is not 'a document' for the purpose of section 62 of the OHS Act. She submits that it remains 'health information' and as such it is protected by the HRIP Act. 38She further submits that the HRIP Act provides specific and precise statutory protection for people's health information. The OHS Act does not take that statutory protection away. Consequently, she submits, a WorkCover inspector cannot collect health information in the same manner as they would a mere 'document'. They must collect it in accordance with the HPPs.

[4]

The Applicant's Case 39The Applicant contends that in contravention of HPP 1, the Respondent did not have a lawful purpose for the collection of her health information. She referred to the decision in NX v Office of the Director of Public Prosecutions [2005] NSWADT 74 at paragraphs [19] - [21] where the Tribunal considered the term "lawful purpose". She submits that the term "lawful purpose" has two meanings. It can mean:

a purpose that is positively authorised by law, or
a purpose that is not prohibited by law. 40The Applicant submitted that the Respondent did not have a lawful purpose for collecting her health information according to either definitions of 'lawful purpose'. 41She refers to the advice from Inspector Dall on 7 December 2011 in which he indicated that his investigation into her complaint of bullying was complete. 42The Applicant further submitted that while an OHS investigation is a lawful purpose when it is active, the medical report was collected after the investigation was completed. When Inspector Dall collected the health information on 15 December 2011, he could not have done so in relation to an alleged contravention of the OHS Act because his investigation had been completed on 7 December 2011. Accordingly, she argues, inspector Dall did not collect her health information for a lawful purpose. 43She submitted that if Inspector Dall wished to rely on his authority under section 62 of the OHS Act, then he should have issued a section 62 notice because an informal, verbal section 59 request does not invoke the authority available to an inspector who has had the grounds to issues a written notice under section 62. 44She further submitted that neither section 59 nor section 62 authorise an inspector to collect personal or health information. She points to sections 63, 66 and 137 of the OHS Act in support of her submission that neither section 59 nor section 62 contemplates the collection, voluntarily or by compulsion, of personal or health information. 45Section 63 provides that an inspector may require a person to state their name and address if the inspector reasonably suspects that the person has committed an offence against the OHS Act. Section 66 provides that a person must not, without reasonable excuse, refuse or fail to comply with a requirement made by an inspector. Section 137 limits the disclosure of information obtained by inspectors under the OHS Act. 46The Applicant contends that if sections 59 and 62 are read to include health or personal information, then section 63 would be redundant. She argued that section 63 authorises an inspector to collect personal information directly from the person concerned when the inspector reasonably suspects that the person concerned has committed an offence against the OHS Act. She says that this is a higher requirement than section 59, which does not require an inspector to have any grounds, or section 62, which requires an inspector to have reasonable grounds to believe a person can give information in relation to a possible contravention. If sections 59 and 62 contemplate/compel the collection of personal or health information, then section 63 would be redundant as the personal information could be collected /compelled with no grounds under section 59. 47Further, she submits that if sections 59 and 62 contemplated the collection of health or personal information, then under section 137, personal and health information would have less protection than ordinary information. Section 137 prohibits the disclosure of manufacturing, commercial and working process information. The Applicant submitted that section 137 does not prohibit the disclosure of personal or health information because the collection of personal and health information under sections 59 and 62 is not authorised or contemplated. 48The Applicant submitted that the requirement to comply with the HRIP Act or the Privacy and Personal Information Protection Act 1998 ("the PPIP Act ") would be a reasonable excuse for the purposes of section 66 and would permit non-compliance with an inspector's requirements. 49She submitted that a correct interpretation of an inspector's power to compel information requires that sections 59 and 62 be read in the context of other relevant sections of the OHS Act, and therefore Inspector Dall was not authorised by sections 59 or 62 to collect the medical report by compulsion or otherwise. 50The Applicant further submitted that the collection of her health information was not lawful because StateCover had unlawfully disclosed it to the Council, who unlawfully collected it, before unlawfully disclosing it to the Respondent. 51She argued that that the purpose of the medical report was to determine the liability of her claim. She says that Dr Kar was not asked to comment specifically on claims of bullying because he is a psychiatrist, not an industrial relations expert, and his medical opinion had no relevance to the scope of the OHS investigation. It was not reasonably necessary for the investigation and therefore the Respondent's conduct was in breach of HPP1.

[5]

The Respondent's Case 52The Respondent accepts that it "collected" the medical report from the Council. It submits that it did so in the course of an investigation under the OHS Act. 53The Respondent relies on an affidavit provided by Inspector Dall in support of its contention that the medical report was collected for a "lawful purpose", specifically, the conduct of an investigation into an alleged breach of the OHS Act. The Respondent further contends that that purpose is directly related to a function or activity of the Respondent, including the administration and enforcement the OHS Act. 54Further, the Respondent submits that it was reasonably necessary for Inspector Dall to obtain the medical report for his investigation into the Applicant's allegations of bullying as the medical report was obtained by StateCover specifically to comment on the Applicant's health and claims of bullying as part of her workers compensation claim. 55Inspector Dall provided the following description of the circumstances in which he obtained the medical report and his use of the report: On 6 December 2011, I had a meeting with [Council] representatives ... In the course of that meeting, it was revealed that the Applicant had made a workers compensation claim. I asked if liability was accepted or denied, and a [Council] representative replied that it had been denied. (I cannot recall precisely which person or persons told me this information.) I then asked why that had happened and requested confirmation. I asked the [Council] representatives to provide me with information, including any medical reports, relating to the workers compensation claim. At that meeting it was mentioned by [Council] representatives that a medical report had been prepared by a Dr Kar in regard to the workers compensation claim. ... I formed the view that it was relevant to the Applicant's complaint of bullying to have regard to the workers compensation claim and the reasons for the claim being denied, as the claim may have related to the conduct that the Applicant was complaining of. I emailed the Applicant on 7 December 2011 in response to her email dated 30 November 2011. In my email I gave the Applicant my findings, to date, that I had reached in the investigation ... I informed the Applicant that I had formed the view that no breach of the OHS Act 2000 was made out. I said that my investigation was "complete" because, from a practical viewpoint, I had considered a wide range of information (including information provided by the Applicant) and had a sound basis for deciding to take no further action. I did not tell the Applicant that I was awaiting further material, such as medical reports, even though I intended that any further material would assist me in coming to a final decision in the investigation. On 13 December 2011, I paid a visit to [the Applicant's workplace], as part of my role in the WorkCover Liaison Project with [the Council]. I met the following representatives of [the Applicant's workplace] ... Supervisor ... Centre Manager ... Safety Committee Representative ... We discussed general matters relating to health and safety at [the Applicant's workplace]. We also discussed bullying and whether or not it was occurring at [the Applicant's workplace]. We discussed, among other things, the need to ensure that normal activities were maintained for all personnel working in this environment, including the Applicant. In the course of that on-site visit, I also briefly saw, and greeted, the Applicant, who was at work at the time. We did not have an in-depth conversation. I also recall that around that time, I had a discussion [the Council's] Return to Work Co-ordinator. I believe that the discussion took place during the liaison visit to [the Applicant's workplace] on 13 December 2011, as [the Return to Work Co-ordinator] was also present during that liaison visit. I assumed that [the Return to Work Co-ordinator], due to her role at [the Council], would hold or have access to information that was relevant to my investigation. In the course of my discussion with [the Return to Work Co-ordinator], I said to her words to the effect that: "I request that you provide me with a copy of Dr Kar's medical report that relates to [the Applicant's] workers compensation claim. If you don't provide the information voluntarily, I will issue a section 62 notice." A section 62 notice is a notice that compels the recipient to provide information or documents that relates to an alleged breach of the OHS Act 2000. (The notice is so-called because it is issued under section 62 of the OHS Act 2000.) My request for information in this instance was under section 59 of the OHS Act 2000, which gave inspectors a range of general powers to obtain information and documents relevant to an alleged breach of the OHS Act 2000. On 15 December 2011, I received from [the Return to Work Co-ordinator] a medical report in response to my request under section 59 on 13 December 2011. The document which I obtained was a report dated 10 November 2011 prepared by Dr Prabal Kar, a consultant psychiatrist, at the request of StateCover ([the Council's] workers compensation insurer) in relation to the Applicant's workers compensation claim in regard to the alleged bullying. I considered Dr Kar's report, among other matters, when deciding whether to continue the investigation, or to conclude it. the medical report included his professional opinion on the Applicant's medical issues and his view that the Applicant did not have work-related medical issues, nor had the Applicant been bullied. Based on all the material and information that I had obtained during my investigation, I concluded that it was manifestly clear that no breach of the OHS Act 2000 was made out. I therefore decided to close the investigation. I also wrote an entry entitled "Inspector's Report" dated 19 January 2012 ... in which I described my investigation, the materials that I had considered, and my conclusion that no further action was warranted ... On 23 January 2012, Mr Paul Irwin ... reviewed my report on WSMS and wrote the words: "I agree with the actions taken by the inspectors with regards to this matter." ... At no time did I disclose the medical report to any person outside WorkCover. The hard copy of the report is stored securely in WorkCover's archives and an electronic form is also securely stored. There is a reference to the report, and an extract taken from the report, in the WSMS entry ... I included this material on WSMS as it was, in my view, relevant to determining the issue of whether the conduct which the Applicant complained of indicated a possible breach of the OHS Act 2000 and whether bullying of the Applicant had taken place. 56The Respondent contends that no breach of HPP 1 is established.

[6]

Discussion 57I do not agree with the Applicant's submission in regard to the relationship between sections 59 and 62 of the OHS Act and sections 63, 66 and 137 of that Act. Sections 59 and 62 address powers of an inspector on entry that is authorised under the OHS Act. The circumstances under which entry is permitted is specifically limited by the Act. 58In my view it is reasonable to anticipate that when a power to require the production of documents in relation to a possible contravention of the OHS Act or its regulations is exercised, some personal information might be captured by the request. There will inevitably be situations where breaches of the OHS Act have implications for workers' health. In such situations it is likely that health information could be captured by a request under sections 59 or 62 of the OHS Act. 59I am satisfied that sections 59 and 62 of the OHS Act provide a lawful purpose for the collection of health information in relation to an OHS investigation. 60In the circumstances of the present matter, the issue arises as to the significance of Inspector Dall's advice to the Applicant that his investigation was complete 7 December 2011. The Applicant reasonably questions whether the medical report has been obtained for the purposes of the investigation when the evidence shows that it was obtained after 7 December 2011. 61Inspector Dall gave evidence that he requested copies of any medical reports relating to the Applicant's workers compensation claim at a meeting on 6 December 2011. This request would have captured the medical report and he clearly had not received it prior to his 7 December 2011 advice to the Applicant that his investigation was complete. Notwithstanding the advice that Inspector Dall gave to the Applicant on 7 December 2011, his investigation was clearly not complete. He intended to consider the further material that he had requested from the Council as part of his investigation and he did so. It is apparent that he had reached a preliminary view on 7 December 2011 and his view was ultimately adopted in his report "Inspector's Report" dated 19 January 2012. 62Inspector Dall's evidence is that he formed the view that the reason for the refusal of the Applicant's workers compensation claim was relevant to the investigation of her complaint of bullying. Both matters concerned a complaint of bullying. 63In SB v Roads and Traffic Authority [2010] NSWADT 255 I stated the view that the expression "reasonably necessary" must take on its natural meaning. I further stated at paragraph [35] that that the expression is meant to be something less than essential. 64The Applicant has asserted that Inspector Dall was obligated by HPP 1 to determine in advance that any health information he proposed to collect would ultimately be relevant in some way, and it should be determinative of some factor relevant to the purpose of collection. I do not totally agree with this submission. 65In my view, it is reasonable to expect that a request for the medical report was based on a conclusion that the report might be relevant to some factor in his investigation. However, without inspection the medical report he was not in a position to know the extent of its relevance and whether or not it would be determinative. 66In my view, Inspector Dall's opinion that the medical report might be relevant to the investigation of the Applicant's complaint was reasonable. If the content of the report had assisted the Applicant's claim Inspector Dall would have been remiss in not considering it. The reverse must also apply. 67In the circumstances, I agree with the Respondent that no breach of HPP 1 is established.

[12]

The Respondent's Case 83The Respondent presented several arguments in regard to compliance with HPP 4. The Respondent's Privacy Management Plan is available on its website. 84The Privacy Management Plan sets out the information required by clause HPP 4(1), and includes specific references to the collection of personal and health information and the right to request access to such information. The Applicant knew who the Respondent was and Inspector Dall was her designated contact person. The Applicant knew she could request any information related to herself under the GIPA Act. The Respondent was permitted to not comply with HPP 4 as the medical report was collected for law enforcement purposes. This was said to be related to criminal provisions in the OHS Act. 85The Respondent submitted that although WorkCover inspectors are not "police officers" they do carry out "police-like functions" and may enforce criminal offence provisions. 86Further, a prosecution of an alleged breach of the OHS Act is a form of "law enforcement" and an investigation which may lead to such a prosecution is necessarily conducted for "law enforcement purposes" and is directly related to those purposes. 87Non-compliance with a direction ("or request") under section 59, or a notice issued under section 62 of the OHS Act, is a criminal offence under section 66 of the OHS Act, punishable by a fine. It is submitted that this indicates the compulsory or "police-like" nature of the functions conferred by these provisions in the OHS Act. 88The Respondent contends that when carrying out his investigation into the matters raised by the Applicant (including collecting the medical report), Inspector Dall was specifically seeking to determine whether the evidence showed that a criminal offence under the OHS Act had been committed by the Council or other persons. The investigation was not carried out for some purpose that was unrelated, or only partly related to, the purpose of law enforcement. 89For these reasons, the Respondent submits that the medical report was collected (and used) for law enforcement purposes within the meaning of HPP 4(4)(e), and therefore the Respondent was permitted not to comply with the requirements in HPPs 4(1) and 4(2). This remains the case even though no criminal prosecution was brought (since the inspector concluded that no breach of the OHS Act was shown on the evidence available). Compliance with HPP 4 would limit the Respondent's ability to collect evidence and information. 90The Respondent submitted that compliance with HPP 4 would place a significant restriction on the capacity of the Respondent's inspectors to carry out their investigative functions in a timely and efficient fashion. Compliance in all circumstances, even when the inspector was exercising lawful authority to collect evidence and information, would limit the Respondent's ability to investigate unsafe workplaces and practices and take appropriate enforcement action where necessary. Inspector Dall had reasonable grounds to believe that StateCover had already notified the Applicant. 91In relation to this ground, the Respondent submitted: Inspector Dall indicates that he was aware that StateCover, the workers compensation insurer which handled the Applicant's claim, had referred the Applicant to Dr Kar for an assessment ... It is submitted that Inspector Dall had "reasonable grounds to believe" ... that the disclosing organisation (StateCover) had already notified the Applicant of the information in HPP 4(1). ... StateCover is a large organisation that is licensed by WorkCover under the Workers Compensation Act 1987 as a specialist workers compensation insurer and regularly processes workers compensation claims in the course of its business. Such claims routinely involve the collection and use of medical and health-related information concerning workers compensation claimants. Inspector Dall therefore had reasonable grounds to believe that StateCover had a process for informing claimants of the matters in HPP 4(1). Indeed, as the Applicant herself had made a workers compensation claim with [the Council] in October 2011 ... and the referral to Dr Kar was done for the purpose of that claim, Inspector Dall had reasonable grounds to believe that StateCover, as the workers compensation insurer, had notified information of the kind referred to in HPP 4(1) to the Applicant. The Respondent further notes that there is a "Privacy Policy and Collection Statement" ("StateCover Privacy Policy") on StateCover's wesbsite ... The StateCover Privacy Policy includes the statement (relevant text only is quoted): "Personal information for the purposes specified above may be shared on a confidential basis with:

government agents;
police, law and credit enforcement bodies and agencies;
other parties as required by law and/or
the agent of any of these." The Respondent notes that this text generally refers to the types of disclosures that may be made by StateCover, and the kinds of entities to whom disclosure may be made. The references to "government agents", "law enforcement bodies and agencies", "other parties as required by law" and/or "the agent of any of these" would include a reference to an inspector conducting an investigation under the OHS Act. ... ... The circumstances surrounding WorkCover's collection of the medical report indicate that there were such "reasonable grounds" [to believe" that StateCover had already notified the Applicant]. 92The Respondent submitted that no breach of HPP 4 is established.

[13]

The Applicant's Case 93The Applicant relies on comments that I made in my decision in In KJ v Wentworth Area Health Service [2004] NSWADT 84, in support of her submission that the notification principle of the PPIP Act is for individuals to be able to give informed consent. The type of personal information at issue is relevant in determining whether an agency has taken such steps as are reasonable in the circumstances. 94The Applicant disputed each of the Respondent's arguments in regard to compliance with HPP 4. She submitted that the arguments have no merit and some are frivolous. 95She says that despite the promises of the Respondent's Privacy Management Plan, it was the fact that she knew who the Respondent was, that Inspector Dall was her designated contact person, and that she knew that she could request information related to herself under the GIPA Act that led her to discover that Inspector Dall had collected, used and disclosed the medical report. 96The Applicant argues that the Respondent's assertion that the medical report was collected for "law enforcement purposes" is ludicrous as Inspector Dall did not conduct a criminal investigation, and he had found that there had been no contravention of the OHS Act before he collected the report. She says that the medical report was neither necessary for law enforcement purposes, nor any other of the Respondent's function. 97With regard to the Respondent's assertion that compliance with HPP 4 would limit its ability to collect evidence and information, the Applicant submitted that the HPPs are supposed to limit the Respondent's ability to collect health information to what is lawful, reasonably necessary, directly related, relevant, not excessive, accurate, complete, non-intrusive, and not misleading. 98With regard to the Respondent's assertion that Inspector Dall had reasonable grounds to believe that StateCover had already notified her, the Applicant submitted that the Respondent collected the medical report from Council, not StateCover. She submits that the argument therefore has no merit. She further stated that StateCover disclosed the medical report to Council for injury management purposes only. The Applicant submitted that HPP 4(2) required the Respondent to "take any steps that are reasonable" to notify her that they had collected the medical report and what they were going to do with it. They did not take any steps to notify her of these matters, and therefore they have contravened HPP 4.

[17]

The Applicant's Case 107The Applicant contends that the Respondent don't know how many times the medical report has been copied, or who in the agency is holding it. 108In support of this submission she referred to the Respondent's submission which note that a hard copy of the medical report is retained securely in the Respondent's archives and an extract from the medical report was included in the Respondent's investigations database. However, she compares this assertion with the comment in the Respondent's internal review determination relating to matter No. 133003 that: one hard copy is held on investigation file 2011/017659. This file is scheduled for disposal in 2018 and is currently in archive. I also acknowledge that two electronic records exist. One electronic record is held with Inspector Dall, the other is held by WorkCover's Privacy Officer. 109In his affidavit Inspector Dall's Affidavit stated: At no time did I disclose Dr Kar's report to any person outside WorkCover. The hard copy of the report is stored securely in WorkCover's archives and an electronic form is also securely stored. There is a reference to the report, and an extract taken from the report, in the WSMS entry ... 110The Applicant submitted that there are three different responses from three different representatives of the Respondent about who is holding the medical report. She argues that this does not indicate compliance with HPP 5(l)(c), which requires the Respondent to ensure that the information is protected, by taking such security safeguards as are reasonable in the circumstances, against loss, unauthorised access, use, modification or disclosure, and against all other misuse. She submitted that if the Respondent doesn't know who in the organisation is holding the medical report, the Tribunal could not be satisfied that it is securely stored and protected from unauthorised access and misuse. 111The Applicant further submitted that the Tribunal could not be satisfied that the WSMS password protected data base is secure as someone accessed the WSMS data base and altered the complaint investigation file which contains an excerpt from the medical report.

[24]

The Applicant's Case 131The Applicant asserted that Inspector Dall did not notify her that he had collected the medical report or that he was holding it. Therefore she was unable to exercise her entitlements under HPPs 7 and 8 to access and amend the information, or to object to its use, or to request an internal review under section 21 of the HRIP Act. 132She says that the Respondent merely assumed that the report was relevant and it assumed that the report was accurate, complete, and not misleading simply because Dr Kar is a medical specialist. However, she contends that the assumption of relevance was not borne out. She further says that the information that the Respondent obtained about her health, family, education, work, marriage, and lifestyle, as well as Dr Kar's opinion on whether or not she had sustained an injury at work could not have enlighten Inspector Dall on the question of whether the Council had an adequate bullying policy, and whether it had been followed. 133She contends that there is reason to doubt the accuracy of Dr Kar's opinion. She says that while the medical report may be complete in itself, it is not a complete picture of her health in regard to her work related injury. It only represents the insurer's position. She submitted that treating it as a comprehensive, objective and informed opinion is a misleading use of her health information. 134In regard to the proposed purpose of use, the Applicant referred to Inspector Dall's evidence that he proposed to use the medical report to assist him in coming to a final decision in the investigation. However she contends that Inspector Dall's actual use was to validate his finding. She says that the report was not relevant to Inspector Dall's investigation because Dr Kar was not asked, and nor was he qualified, to give an opinion on bullying. She further says that her life history and her health were not relevant to the adequacy of the Council's policies and procedures. 135The Applicant referred to views expressed by Judicial Member Higgins in regard to section 16 of the PPIP Act in JD v Director General, NSW Department of Health (No.2) [2004] NSWADT 227, at paragraph [66]. Section 16 of the PPIP Act is in similar terms to HPP 9. The Judicial Member stated: 66 ... where personal information held by an agency is to be used for a purpose that is adverse to the interests of the person concerned, then s.16 of the PPIP Act places a higher threshold on an agency to ensure that the information is relevant, accurate, up to date, complete and not misleading. Although, in a general sense, I agree with the submissions of Ms Thomas that s.16 does not place an onus on an agency to research and investigate every aspect of personal information that it holds before it is used. However, the section does place an obligation on agencies, if seeking to use personal information that they hold, to consider whether steps (i.e. reasonable steps) need to be taken to check the accuracy etc. of that in formation before it is used and if steps do need to be taken to ensure that they are taken. 136The Applicant contends that HPP 9 required the Respondent to do some checking before it used the medical report. She says that the Respondent merely made assumptions and that this does not accord with the obligation that the Respondent owed her.

[25]

The Respondent's Case 137The Respondent submitted that when Inspector Dall commenced the investigation into the Applicant's complaints of bullying, an intrinsic part of the investigation was to gather factual material from relevant sources, including (but not confined to) from the Applicant. An inspector cannot necessarily determine in advance with certainty whether information or documents which he or she proposes to collect will ultimately be relevant to the investigation. 138Inspector Dall collected the medical report after learning of its existence from Council representatives. He assumed that the medical report would have relevance to the investigation of alleged bullying under the OHS Act as it related to the Applicant's workers compensation claim against the Council. After collecting the medical report, Inspector Dall considered it, along with other evidence that he had received. 139The Respondent further submitted that as the medical report was prepared by a properly qualified medical practitioner, Inspector Dall was justified in assuming that the medical report was the product of a skilled professional and contained information that was reasonably reliable, accurate, complete and not misleading. 140Further, it argued that the medical report was a product of a specialist medical professional and had been commissioned and used previously by StateCover in its investigations. Also, the medical report was dated 10 November 2011 and therefore it was "up to date" at the time the report was collected and used in December 2011 and January 2012. The medical report was just one piece of a broader range of evidence that was considered by Inspector Dall during the investigation. It was neither the only piece of evidence nor was it determinative in and of itself. 141The Respondent submitted that HPP 9 is not intended to be used to make collateral challenges to an agency's decisions. It referred to views expressed by Judicial Member Molony in QB v Greater Southern Area Health Service [2011] NSWADT 90 where he found at paragraph [114] that if an opinion about a person's health is honestly held, then it is not "inaccurate", even if the individual concerned disputes the opinion. It submitted that there is no evidence that Dr Kar did not honestly hold the opinions expressed in the medical report, or that Inspector Dall had reason to question the opinion. 142The Respondent submitted that no breach of HPP 9 is established.

[28]

The Respondent's Case 148The Respondent contends that it was holding the medical report for the primary purpose of conducting an investigation into alleged OHS breaches by the Council. It says that the report was not used for any secondary purpose. The Respondent was therefore acting within the scope of the introductory sentence of HPP 10(1). 149In the alternative, the Respondent contends that Inspector Dall's use of the medical report was "reasonably contemplated" by the OHS Act. Inspector Dall used the medical report pursuant to section 59 of the OHS Act (and, by implication, section 62 of the OHS Act, if required) in order to investigate the matters complained of and to determine if a breach of a provision of the OHS Act had occurred. 150The Respondent relies on views that the Appeal Panel expressed in regard to section 25(b) of the PPIP Act in PN v Department of Education and Training [2010] NSWADTAP 59 ("PN"). Subsection 25(b) of the PPIP Act provides that an agency is not required to comply with various provisions if non-compliance is otherwise permitted (or is necessarily implied or reasonably contemplated) under an Act or any other law. This is in identical terms to HPP 10(2)(b). The Appeal Panel considered the appropriate approach to applying section 25(b) and stated at paragraphs [54] to [60]: 54 Further, we do not think that the task required of the Tribunal in deciding whether or not s 25 is applicable requires it to go so far as to make a microscopic comparison of an alternative law to which an agency refers in justification. Section 25 is expressed in broad language. It is enough that 'non-compliance is reasonably contemplated' by the other law. 55 The Tribunal is called upon, as we see it, to consider the subject matter of the alternative law and ask itself, first, is this the kind of subject matter with which a relevant IPP is concerned in the circumstances of the case before it. 56 Necessarily, the workers compensation regime involves the management of personal information. Moreover, the workers compensation regime has detailed provisions allowing movements of information between a number of parties who have a business role in the management of workers' injuries and the determination of claims. 57 In our view, it is enough for s 25(b) to apply that the transactions in issue (here, one instance of indirect collection and otherwise disclosures) are of a type that is contemplated by the regime; and that they are genuinely undertaken for the purpose of the scheme. Whether something is 'reasonably contemplated' is a factual determination for the trial tribunal to make, only vulnerable to appeal as an error of law on narrow grounds, such as no evidentiary basis for the finding or because the finding is one no rational tribunal could make. This is clearly not a case of that kind. 58 If the Department has breached the guidelines or the statutory provisions in the way it carried out its obligations under the workers compensation regime, as PN's submissions suggest, those are matters to be dealt with through the complaints mechanisms that the workers compensation regime has. The breaches are not open to be litigated within the framework of the privacy legislation. 59 The Tribunal's task is simply to make a broad judgement as to whether s 25 applies. The protection given to an agency by s 25 is not lost simply because the agency has failed to comply, in some aspect of the detail, with a requirement of the other law. 60 If the strict view pressed by PN were to be adopted, privacy cases raising s 25 would give rise to a detailed collateral inquiry into whether the agency had strictly complied with the alternative regime. We do not think that the words of s 25 support such a conclusion, and engagement by the Tribunal in a collateral inquiry would defeat the evident purpose of s 25. 151The Respondent submits that the collection and use of the medical report for the purposes of investigation were transactions of a type "contemplated" by the investigative and enforcement regime in the OHS Act, and were "genuinely undertaken for the purpose" of that regime. It argues that Inspector Dall did not collect, or use, the medical report for any other purpose. The exception in HPP 10(2)(b) is therefore applicable if the relevant "use" of the medical report does not fall within the scope of HPP 10(1) (which the Respondent denies). 152The Respondent submits that no breach of HPP 10 is shown.

ALZ v WorkCover NSW

At a glance

Court

Decision date

Catchwords

Source

Catchwords

Judgment (36 paragraphs)

Parties

Cited By (7)