APP 1 of the 13 Australian Privacy Principles requires our practice to have a document that clearly sets out its policies on handling personal information, including health information. These new privacy law regime commenced on 12 March 2014 and replaced the ten National Privacy Principles (NPPs)
The collection statement informs patients about how their health information will be used including other organisations to which the practice usually discloses patient health information and any law that requires the particular information to be collected. Patient consent to the handling and sharing of patient health information should be provided at an early stage in the process of clinical care and patients should be made aware of the collection statement when giving consent to share health information.
In general, quality improvement or clinical audit activities for the purpose of seeking to improve the delivery of a particular treatment or service would be considered a directly related secondary purpose for information use or disclosure so we do not need to seek specific consent for this use of patients’ health information, however we include information about quality improvement activities and clinical audits in the practice policy on managing health information.(Refer Section 8 Accreditation and Continuous Improvement)
We inform our patients about our practice’s policies regarding the collection and management of their personal health information via:
New patient form includes; Patient Consent I give consent for my Patient Health Information to be provided to Health Organisations such as The Pap Smear Registry and Immunisation Registry. This clinic also uses SMS and Email communication for reminder and clinical updates. If you do not wish to consent – please discuss this with your doctor.
5/ 90 Mitcham Road Donvale 3111
Telephone: 9842 2555
The primary purpose of our practice is to provide comprehensive, coordinated and continuing whole person medical care for individuals, families and the community.
The information we collect includes any identifying details including DOB, address, telephone numbers, NOK, Emergency contacts, marital status, employer details, Medicare No, Health Identifier no, Health insurance details, Ethnicity, allergies and other sensitivities, ATSI status, past and current medical history, social history, medical procedures, diagnostic tests, results, referrals, reports from other health providers, xrays, progress notes, financial details related to billing, medications, immunisations and work cover examinations. Where possible information is collected directly from the patient.
The purpose of the collection of this material is to gain sufficient information to provide for the optimal ongoing management of each patient’s health.
The data is stored electronically on the computer. The data is accessed only via authorised GPs and staff. Computers have password access. Staff who access files have signed privacy agreements. Practice manager and reception staff require access to accounts, demographic records and from time to time the actual medical records. GP’s are also aware of privacy restrictions and access issues and use passwords for computer access.
The data is used for primary purpose and related secondary purpose by GP’s, practice manager, practice nurses and reception staff. Patients referred to another health service provider will be aware that information is given to that service provider for the normal course of ongoing patient care and management. Account details are used to gain payment from Medicare / Insurance.
If research is conducted, then each patient provides informed consent for his/her personal health information to be released. Patient information is also supplied to specific health organisations, that is Pap Smear Registry and Immunisation Registry. Patients are made aware of this verbally and via information notices within the clinic and may opt out of this service if they wish.
Deidentified research may also be conducted to improve processes within the practice in the form of a clinical audit, such as the Health Atlas. For a quality improvement activity undertaken within a general practice, where the primary purpose is to monitor, evaluate or improve the quality of healthcare delivered by the practice, ethics approval is not required.
Under certain legislation we must disclose patient information. This includes Notifiable Diseases under the Infectious Diseases Act, The Adoption Act, and records must be disclosed under court orders, subpoenas, search warrants and Coroner’s Court cases.
The patient has the right to access of their own personal health information. A possible exception to this would be at the doctor’s discretion if it was felt that the release could cause harm to the patient.
Request for information may be made in discussion with the doctor, or discussed at reception who will be able to provide the patient with appropriate forms or direct the patient to the Privacy Officer. A Transfer of History form is also available at the front desk.
If the patient has a complaint they should talk to the practice manager or their doctor or direct their complaint to The Health Services Commissioner Level 26, 570 Bourke St, Melbourne, Victoria 3000. Phone: 1300 582 113
This policy provides guidance for employee use of social media. Social media has many forms. This policy must be broadly applied to all forms of social media; these include but are not restricted to Facebook, Twitter, LinkedIn, Share, Blogging, Messenger, message boards, chatrooms, electronic newsletters, online forums, social networking sites, and wikis.
Overall employees must observe the principles of integrity, professionalism, privacy and impartiality when posting online.
There may be disciplinary implications for employees not complying with the practice’s social media policy and guidelines.
The RACGP’s Guide for the use of social media in general practice is available at www.racgp.org.au/your-practice/ehealth/social-media