How the Commonwealth Qualified Privilege Scheme works

Once your quality assurance activity has a declaration under this scheme, you must ensure it complies with the confidentiality requirements. Organisations also have a responsibility to regularly share de-identified information from the activity with the public.

1. Organisation applies for a declaration

To get qualified privilege for an activity, you must apply for a declaration as an eligible organisation.

You must be applying for an eligible quality assurance activity.

2. We make a declaration

If the activity is eligible and in the public interest, the Minister for Health (or delegate) will make a declaration under this scheme.


A declaration is a legislative instrument that includes a summary of the activity and start date. It grants qualified privilege for 5 years unless revoked earlier.

It is important to know that:

  • You still need patient consent – A declaration does not override patient consent. You must seek patient consent before viewing their medical records as part of the activity.
  • A declaration does not protect all information It only covers information that may identify a person. In fact, you must share de-identified information from the activity.
  • A declaration is only for the approved activity It does not extend to related or later activities.

View all current declarations on the Federal Register of Legislation website.

3. Organisation runs the declared activity

You must run the activity in line with the confidentiality requirements and organisation responsibilities.

Confidentiality requirements

Everyone who takes part in the activity must comply with the confidentiality requirements of the scheme.

This means if they have information that identifies a person, and they got that information solely from the declared activity, they must not disclose or record it.

Courts cannot subpoena identifying information related to a declared activity.

It is illegal to disclose identifying information unless either:

  • the person gives written consent
  • the Minister for Health and Aged Care authorises the disclosure.

Not meeting these requirements is a criminal offence. It is punishable by up to 2 years in prison.

Responsibilities of organisations

Organisations must regularly share de-identified information about the activity with the public. This can include:

  • clinical performance data
  • key themes
  • identified clinical issues
  • recommendations that have been implemented or monitored
  • service improvements that have been made based on evidence from the activity.

You can share this information in different ways. For example, you can publish an article in an academic journal or newspaper that discusses:

  • learnings about the safety and quality of the health service
  • the improvements in technique or approach that have been recommended because of the activity.

Organisations generally share information with the public at least once a year.


Commonwealth Qualified Privilege Scheme contact

Contact us to find out more about the Commonwealth Qualified Privilege Scheme.
Date last updated:

Help us improve

If you would like a response please use the enquiries form instead.