Dental AI guide
The NSW Privacy Law Dental Practices Forget (HRIP Act)
Most AI privacy guidance only talks about the Commonwealth Privacy Act. If you practise in NSW, a second health-privacy law also applies to you — today.
Almost everyone talks about the federal Privacy Act and the APPs. But a NSW dental practice is also bound by a separate state health-privacy law — the HRIP Act — with its own principles and its own regulator. If your AI thinking only covers the federal law, it covers half the picture.
No patient data required. Use these guides for practice workflow education, not patient-specific advice.
Most AI privacy guidance talks about the Commonwealth Privacy Act. If you practise in NSW, there is a second rulebook that also applies — and many practices have never heard of it.
This is general educational material for dental practice owners and managers, not legal advice. The specifics of the HRIP Act should be confirmed with a qualified adviser for your situation.
Two privacy laws apply in NSW. As well as the Commonwealth Privacy Act 1988 and its Australian Privacy Principles (APPs), dental practices in NSW are also bound by the NSW Health Records and Information Privacy Act 2002 (HRIP Act) and its Health Privacy Principles (HPPs). Read the considerations here against both. General information, not legal advice.
The short version
There are two privacy laws over your practice, at the same time:
- Federal: the Privacy Act 1988 and its Australian Privacy Principles (APPs), overseen by the OAIC.
- NSW: the Health Records and Information Privacy Act 2002 (HRIP Act) and its Health Privacy Principles (HPPs), overseen by the Information and Privacy Commission NSW.
If your AI and privacy thinking only covers the APPs, it covers about half of what applies to a NSW practice.
What the HRIP Act is
The HRIP Act is NSW legislation governing how health information is collected, held, used and disclosed by organisations that provide health services in NSW — which includes dental practices. It sets out a set of Health Privacy Principles (HPPs), and NSW has its own privacy regulator and complaint pathway, separate from the federal system.
The practical point: a patient who feels their health information was mishandled has more than one avenue, and your practice has obligations under more than one law.
Also in the full guide
- "We're too small for privacy law" — not for health information
- The HPPs cover familiar themes — and map onto the AI risks
- What to actually do
Optional — get a customised version
Request the version adapted for your practice
The guide above is free to read and download. If you would like a version tailored to your practice workflow, leave your details below. Use practice-level details only. Do not include patient names, treatment details, clinical notes, X-rays, invoices or identifiable emails.