Privacy and Legal Requirements
Legal requirements and privacy obligations for using Light's AIR integration
Legal Notice
Mandatory Compliance Statement
Participating health professionals may utilise the services and information provided, including personal information, only in accordance with National (Privacy Act 1988, Health Insurance Act 1973, Australian Immunisation Register Act 2015 and other relevant legislation), State or Territory legislation, Policy and Guidelines.
Applicable Legislation
The following legislation governs AIR data access and use:
- Privacy Act 1988 — regulates handling of personal information
- Health Insurance Act 1973 — establishes the framework for Medicare and health information
- Australian Immunisation Register Act 2015 — governs AIR and immunisation data
Data Handling Responsibilities
As a healthcare provider using Light to access AIR, you are responsible for:
Access control:
- Ensuring only authorised staff access AIR through Light
- Reviewing and revoking access as needed
- Not sharing login credentials
Appropriate use:
- Accessing only patient records necessary for clinical care
- Not accessing AIR information for non-clinical purposes
- Not disclosing patient information to unauthorised persons
Data protection:
- Protecting PRODA credentials and device activation codes
- Securing workstations when not in use
- Following your organisation's information security policies
Light automatically logs all AIR transactions for audit purposes.
Privacy Breaches
If you become aware of a suspected or actual privacy breach involving AIR information:
- Notify your organisation's privacy officer immediately
- Contact the Light Support Team
- For serious breaches, also notify Services Australia: 1800 700 199
Additional Resources
- Australian Privacy Principles
- AIR Healthcare Provider Guidelines
- PRODA Terms of Use
- Office of the Australian Information Commissioner: 1300 363 992
- Services Australia AIR support: 1800 653 809