Protecting your privacy and the confidentiality of your personal information is an issue that we treat seriously at this practice. We understand that patients consider their health information to be highly personal and want their privacy respected at all times.
The Privacy Act offers privacy protection and sets out 10 National Privacy Principles in which we comply.
COLLECTION OF INFORMATION
It is necessary to collect information to properly advise and treat patients, such information may include:
• A full medical history
• Contact details
• Billing/account details and Medicare/private health insurance details.
This information will normally be collected directly from you. There may be occasions when we will need to obtain information from other sources, for example:
• Other medical practitioners such as GPs and specialists,
• Other health care providers such as physiotherapists, occupational therapists, psychologists, dentists, nurses etc
• Hospitals and Day Surgery Units
Both our practice staff and the medical practitioners may participate in the collection of this information.
SENSITIVE INFORMATION
Generally, patients’ consent will be sought before collecting any such ‘sensitive information’, it is sometimes appropriate when making an accurate medical diagnosis or prescribing appropriate treatment. Sensitive information may include:
•Racial or ethnic origin
•Political opinions or membership of an Association
•Religious beliefs or affiliations
•Sexual preferences
•Criminal Record
USE AND DISCLOSURE
Information that has been collected is used to assist in assessing, diagnosing or treating a particular health condition. In the interests of the highest quality of health care this may include sharing information with other health care providers, in addition there are circumstances when information has to be disclosed without patient consent, such as:
•Emergency situations.
•It may be necessary to disclose information about a patient to fulfil a medical indemnity insurance obligation.
•Provision of information to Medicare or private health funds, if relevant, for billing and medical rebate purposes.
In general, a patient’s health information will not be used for any other purposes in this practice without their consent.
DATA QUALITY
All patient information held by this practice relevant to the functions of providing health care will be maintained in a form that is accurate, complete and up to date.
DATA SECURITY
Steps have been taken in this practice to protect patient information from misuse, loss and unauthorised access. It is necessary for medical practices to keep patient information after a patient’s last attendance for as long as is required by law. Any information that is no longer required will be disposed of properly.
Our practice does not store or temporarily leave the personal health information of patients where members of the public could see or access that information.
All private information is placed in a shredder bin which is key locked and maintained by an external company.
All computers are password protected, and access to our patient data systems requires a second password, which is different from the password used to access a PC.
There are different levels of security access given to staff/contractor’s dependant on their role and responsibilities.
All staff are trained at Induction to lock their computers when leaving it unattended.
Our IT system is managed and maintained (including antivirus software) by an external provider and our full system is backed up hourly to the cloud.
OPENNESS
This practice has made this and other material available to patients to inform them of our policies on management of personal information.
ACCESS AND CORRECTION
IDENTIFIERS
These are the numbers, letters or symbols that are used to identify patients with or without the use of a name (eg. Medicare numbers, Veterans Affairs numbers). We will limit the uses of Commonwealth government identifiers by providers to the purposes for which they are issued.
ANONYMITY
Not applicable to this practice.
TRANSBORDER DATA FLOWS
A patient’s privacy is protected Australia-wide by privacy laws. We will take steps to protect patient privacy if information is to be sent interstate or outside Australia.
If we cannot satisfactorily resolve your concern or complaint, the patient may wish to contact the Office of the Australian Information Commissioner (OAIC). The OAIC has the power to investigate the matter and make a determination