Stay informed with the latest updates on coronavirus (COVID-19). Find out more >>

Policies and Procedures

Health Information

  • Purpose

    To provide direction to The Royal Children's Hospital (RCH) staff about the management of information in the course of providing health services, and to ensure legislatively compliant information management practices are followed through the establishment of a framework for the creation, capture, classification, access, storage, security and transfer and disposal of records.


    All employees, contractors, honorary appointments, board members, students, observers and volunteers of the RCH and its Campus Partners.

    Definition of terms

    Consumers - refer to patients, parents, carers and other family members. It also includes external providers, such as consumer groups/General Practitioners and other health professionals.

    Information Management – Information that is created, sent or received regardless of format and must be managed throughout its entire lifecycle (National Archives of Australia).

    Personal information - information or opinion about an individual who may be identified, directly or indirectly, by the material. It can be in any medium including electronic or paper records, video or audio recordings, clinical photography, x-rays or pathology samples.

    Records – Information created, received, and maintained as evidence and information by an organisation or person, in pursuance of legal obligations or in the transaction of business. AS ISO 15489 Part 1 Clause 3.15


    RCH recognises the ongoing value of records and is committed to the efficient management of information in line with the standards issued by the Public Records Office of Victoria (PROV).

    RCH must collect, use and protect information including but not limited to health and personal information in accordance with legislation and with procedures RCH has developed to ensure compliance with its obligations. This policy applies to all aspects of RCH information (regardless of format) that is created, managed and received during business transactions. This also applies to all business applications used to create, manage and store records and corporate information including email, database applications and websites.  

    RCH is committed to:

    1. Meeting all legislative and regulatory requirements
    2. Privacy of patient and staff information
    3. Ensuring that information is kept in a safe and secure environment
    4. Ensuring that information is held in a readable format for the minimum period of time required by relevant legislation and PROV retention and disposal requirements.
    5. Providing appropriate and monitored access to information
    6. Ensuring that information collected is accurate, objective and factual
    7. Informing patients and their families about their right to access information
    8. Informing its staff about the management of information and ensuring staff are aware of their obligations


    Chief Executive Officer

    Breach of this policy will lead to disciplinary action, which may include termination of employment.  

    Related RCH policies and procedures

    Related policies

    • Access
    • Care Planning and Implementation
    • Code of Conduct
    • Collection Management & Access Policy
    • Consumer Focused Care
    • Disciplinary Policy
    • Governance
    • Information and Communications Technology
    • Intellectual Property
    • Legislative Compliance
    • Privacy
    • Research  

    Related procedures

    • Health Information Management Procedures
    • Administrative Records Management Procedure 
    • Data Governance 
    • EMR privacy – appropriate access by RCH staff to patient information in the medical record 
    • Information Technology – Data Classification Procedure 
    • Information Technology – Security Framework Procedure 
    • Information Technology – Security Procedure 
    • Personal Information - Access 
    • Personal Information - Confidentiality 
    • Personal Information - Retention and Disposal 
    • Personal Information - Security 
    • Personal Information - Use and Disclosure 
    • Records Management Framework 
    • Research Procedure 
    • Risk Management Procedure   

    Related legislation

    1. Crimes Document Destruction Act (Vic) 2006
    2. Evidence Act (Vic) 2008
    3. Electronic Transactions (Vic) Act 2011
    4. Freedom of Information Act 1982 (Vic)
    5. Freedom of Information Regulations 1998 (Vic)
    6. Health Records Act 2001 (Vic)
    7. Health Services Act 1988 (Vic)
    8. Mental Health Act 2014
    9. Privacy and Data Protection Act (2014)
    10. Public Records Act 1973
    11. Victorian Data Sharing Act 2017 (Vic)   


    1. AS ISO 15489.1-2002 : Records management (2002) Standards Australia
    2. AS ISO 15489.1-2002 - Information & Documentation – Records Management
    3. AS 5090 – 2003 - Australian standard on work process analysis
    4. Public Health Services Patient Information Records General Disposal Schedule (PROS 99/04) Public Record Office, Victorian Government
    5. Public Records Office Victoria, Recordkeeping Standards and Specifications
    6. PROS 10/10 FS1 - Recordkeeping Responsibilities for Heads and CEOs Fact Sheet
    7. PROS 10/10 FS2 - Recordkeeping Responsibilities for Public Sector Employees Fact Sheet
    8. PROS 10/10 FS3 - Recordkeeping Responsibilities for Volunteers Fact Sheet
    9. Victorian Electronic Records Strategy (2003) Public Record Office, Victorian Government

    Further information

    Health information Services