Information sharing in OOHC

This advice provides information regarding information sharing about a child in out-of-home care.


A care team is responsible for caring for a child in out-of-home care and will use and disclose personal and health information about the child where this is required to support proper care provision.

The looking after children (LAC) practice framework for children in residential and home-based care (excluding kinship care and permanent care) facilitates the sharing of essential information amongst the child's care team.

Where a child is placed in voluntary out-of-home care as part of a child care agreement, there is ongoing involvement by the parent with the child. A parent of a child subject to a child care agreement is entitled to information about the child.

Responsibilities to children

When children are placed in out-of-home care, case responsibilities are shared across a care team including child protection practitioners, CSO staff, residential care staff, home-based carers, parents and significant others.

The protection of a child's privacy is one element of the care team's responsibility. Privacy considerations are balanced with decision-making to support effective quality care provision. Where appropriate, care teams must involve children in decision making about matters affecting their lives and help them to protect the privacy of their personal information in that process.

Use and disclosure of information in the child's best interests

Child protection practitioners should use and disclose personal information in the best interests of children and young people and to support quality care provision. The use and disclosure of information in the child's best interests is influenced by the following considerations:

  • Is provision of the information in these circumstances legally prohibited (for example, could the information lead to the identification of a reporter)?
  • Have the child and the child's parent been informed that their information may be shared in this way?
  • Does the person need to know this information in relation to their role or responsibility to ensure the safety and wellbeing of the child?
  • Is the person authorised to receive or disclose information? By what section of the CYFA or other legislation?
  • Does the person need to know this information in relation to their role in assisting the child to avoid knowingly or unknowingly causing harm to other persons?
  • What specific information does the person need to provide for the good care of this child? The extent of information that is necessary to ensure the safety and wellbeing of the child and avoid them causing harm to others will vary from case to case and from time to time.
  • What is the risk that disclosure of this information to this person might have avoidable negative consequences for another person such as a parent or another family member, carer, or professional, such as reputational damage or impact on privacy?
  • If family violence is a concern, be mindful of information that is shared with the alleged perpetrator regarding the victim, and ensure relevant information is gathered and used appropriately, for example if there are any family violence intervention orders or Family Court orders in place.
  • While the wishes of the child might not be the determining factor, they should be considered, the wishes and concerns of parents and other family members are not a sufficient reason for non-disclosure, but they should always be taken into account. Any concerns parents may have about disclosure of information should be evaluated in the best interests of their child.
  • Those with responsibility for the provision of out-of-home care will generally need to collect and use all relevant personal information in order to provide good care. This includes home‑based carers with day-to-day care of a child.

Disclosing personal information

To provide good care for a child, the care team needs a significant amount of personal and health information about the child.

Child protection and CSO staff, and home-based carers should act in accordance with the principle that information should be disclosed within the care team to the extent necessary for the good care of the child and should be shared beyond the care team only when lawful to do so, appropriately authorised and required to ensure the best interests of the child.

Privacy legislation

The Privacy and Data Protection Act 2014 and the Health Records Act 2001 govern the collection and handling of personal information and health information, unless there is specific provision in another Act (such as the CYFA) which applies to the circumstances. A key function of these Acts is to protect personal and health information from being used or disclosed for purposes other than the primary purpose(s), or related secondary purpose(s) (directly related for sensitive personal and health information) for which it was collected, unless an exception applies.

In child protection, the primary purpose for which we collect information about children is to protect them from harm and to promote their best interests, in accordance with the CYFA. When children are placed in out-of-home care, it is expected that they will receive good care including assistance to help them avoid knowingly or unknowingly causing harm to others.

It is not the intention of privacy legislation or privacy conscious practice to prevent the disclosure and use of personal and health information about the child where this is required to protect the child from harm and promote their best interests. In the context of out-of-home care this means that information necessary to provide effective care for a child may be disclosed to the extent required. Where there is conflict between privacy concerns and the best interests of a child a consultation with Legal Services or a divisional or central privacy officer should occur.

It would be contrary to good practice for child protection to withhold information about a child's history of at risk behaviour, such as sexually intrusive acts against others, from a care provider on the basis of privacy concerns alone as such information would be required to support safe and effective care planning for the child.

Carers and others are not prevented by privacy legislation from advising child protection of information arising during placement in out-of-home care where this is relevant to case planning for the child. Such information could include a disclosure of abuse made by a child in care.

Particular sensitivity of personal information

Particularly sensitive case information held by child protection might include: the placement location where disclosure could result in risk to the safety of a person; health information regarding a person having or being at risk of contracting a communicable disease such as HIV or hepatitis; or criminal records information.

The management and disclosure of such information must comply with relevant legislation and department policy, court orders or case planning decisions, and should occur only where there is a compelling requirement to ensure the best interests of the child or to protect a person from significant harm.

Child protection is obliged to take reasonable steps to ensure that personal and health information is disclosed only to those individuals who require it to meet their responsibilities with respect to the care and best interests of a child and, that those individuals and services to whom information has been disclosed protect the information and do not disclose it to others unless authorised to do so.