Managing patient Health information
POLICY
The management of Highgate Hill Doctors are committed to protecting the privacy of our patients within our practice. Information collected is kept strictly confidential and used only for the medical and health care of patients.
PURPOSE
To ensure patients who receive care from the practice are comfortable in entrusting their health information to the practice. This policy provides information to patients as to how their personal information is collected and used within the practice and the circumstances in which we may disclose it to third parties.
SCOPE
This policy applies to all employees and patients of Highgate Hill Doctors.
PRACTICE PROCEDURE
The Practice will:
- – Provide a copy of this policy upon request
- – Ensure staff comply with the APP and deal appropriately with inquiries or concerns
- – Take such steps as are reasonable in the circumstances to implement practices, procedures and systems to ensure compliance with the APP and deal with inquiries or complaints
- – Collect personal information for the primary purpose of managing a patient’s healthcare and for financial claims and payments
Staff Responsibility
The practice staff will take reasonable steps to ensure patients understand
- – What information has been and is being collected
- – Why the information is being collected and whether this is due to a legal requirement
- – How the information will be used or disclosed
- – Why and when their consent is necessary
- – The Practice’s procedures for access and correction of information, and responding to complaints of information breaches, including by providing this policy
Patient Consent
The practice will only interpret and apply a patient’s consent for the primary purpose for which it was provided. The Practice staff must seek additional consent from the patient if the personal information collected may be used for any other purpose.
COLLECTION, USE AND DISCLOSURE
Highgate Hill Doctors recognises that the information we collect is often of a highly sensitive nature and as an organisation we have adopted the privacy compliance standards relevant to Highgate Hill Doctors to ensure personal information is protected.
For administrative and billing purposes and to ensure quality and continuity of patient care a patient’s health information is shared between the medical practitioners of Highgate Hill Doctors.
Collected personal information will include patient’s:
- – Names, addresses and contact details including email
- – Medicare number for identification and claiming purposes
- – Healthcare identifiers
- – Medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors.
A patient’s personal information may be held at the practice in various forms:
- – As electronic records
- – As visuals ie x-rays, CT scans, videos & photos
The practice’s procedures for collecting personal information is set out below:
- – Practice staff collect patient’s personal and demographic information via registration when patients present to the clinic for the first time. Patients are encouraged to pay attention to the collection statement that they complete as a new patient.
- – While providing medical services the practice’s healthcare practitioners will consequently collect further personal information during consultations and provision of services.
- – Information may be collected through electronic transfer of prescriptions, My Health Record, and the Health Provider Portal.
- – We may collect some personal information when you interact with us via electronic means, such as on our website, when you send an email or SMS, make online appointments, or communicate with us using social media.
- – In some circumstances personal information may also be collected from other sources. Often this is because it is not practical or reasonable to collect it from you directly. This may include information from:
- – your guardian or responsible person
- – other involved healthcare providers, such as specialists, allied health professionals, hospitals, community health services and pathology and diagnostic imaging services
- – your health fund, Medicare, or the Department of Veterans’ Affairs (as necessary).
- – in emergency situations we may also need to collect information from your relatives of friends. We may be required by law to retain medical records for certain periods of time depending on your age at the time we provided services.
The practice holds all personal information securely, whether in electronic format, in protected information systems or in hard copy in a secured environment.
Personal information collected by Highgate Hill Doctors may be used or disclosed in the following instances:
- – For the purposes the patient was advised of during a consultation with the treating doctor.
- – As required for provision of services, for example, referral to a medical specialist or other health providers who will be involved in your care.
- – with third parties who work with our practice for business purposes, such as accreditation agencies, information technology providers – these third parties are required to comply with APPs and this policy
- – when it is required or authorised by law (e.g. court subpoenas)
- – when it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent.
- – to assist in locating a missing person
- – to establish, exercise or defend an equitable claim.
- – for the purpose of confidential dispute resolution process
- – when there is a statutory requirement to share certain personal information (eg some diseases require mandatory notification)
- – During the course of service provision through eTP, My Health Record (E.g. upload of shared health or event summaries, Health Provider Portals
Only people who need to access your information will be able to do so. Other than for the purpose of providing medical services or as otherwise described in this policy, our practice will not share personal information with any third party without your consent.
The Practice will not disclose personal information to anyone outside Australia without need and without patient consent.
Our practice will not use your personal information for marketing any of our goods or services directly to you without your express consent. If you do consent, you may opt out of direct marketing at any time by notifying our practice in writing.
The practice evaluates all unsolicited information it receives to decide if it should be kept, acted upon or destroyed.
Our practice may use your personal information to improve the quality of the services we offer to our patients through research and analysis of our patient data.
We may provide de-identified data to other organizations to improve population health outcomes. The information is secure, patients cannot be identified, and the information is stored within Australia. You can let our reception staff know if you do not want your information included.
Highgate Hill Doctors will employ all reasonable endeavours to ensure that a patient’s personal information is not disclosed without their prior consent.
DATA QUALITY
We will take reasonable steps to ensure that your personal information is accurate, complete, up to date and relevant. For this purpose, our staff may ask you to confirm that your contact details are correct at the time of booking or when you attend consultation.
If you believe that the information about you is not accurate, complete or up to date, we ask that you contact us in writing.
Patient information collected and retained in our records for the purpose of providing quality health care will be complete, accurate, and up to date at the time of collection. Doctors are reminded to review past medical history at least every 12 months.
DATA SECURITY
All due care will be taken to ensure the protection of patient privacy during the transfer, storage and use of personal health information.
Your personal information may be stored at our practice in various forms, e.g. electronic records, paper records, visual records (XR, CT scans).
Personal information that we hold is protected by securing our premises.
Personal information in electronic format in stored in protected information systems, and also by placing passwords and varying access levels on databases to limit access and protect electronic information from unauthorized interference or access.
All our staff and doctors have signed Confidentiality Agreement.
Retention of medical records is for a minimum of 7 years from the date of last entry into the patient record unless the patient is a child in which case the record must be kept until the patient attains the age of 25 years of age.
ACCESS TO PATIENT INFORMATION AND CORRECTION
You have the right to request access to, and correction of, your personal information.
Our practice acknowledges patients may request access to their medical records. We require you to put this request in writing and our practice will respond within 30 days. There may be a fee for the administrative cost of retrieving and providing you with copies of your medical records.
Individuals have the right to obtain their personal information in accordance with the Federal Privacy Act from 20 December 2001 onwards. Requests must be made in writing and an acknowledgement letter will be sent to the patient within 14 days confirming the request and detailing whether the request can be complied with, and an indication of any costs associated with providing the information. Time spent and photocopying costs when processing a request can be passed on to the requesting patient.
Our practice will take reasonable steps to correct your personal information where the information is not accurate or up to date. From time to time, we will ask you to verify that your personal information held by our practice is correct and current. You may also request that we correct or update your information, and you should make such requests in writing to the Practice Manager at manager@highgatehilldoctors.com.au.
We may deny access to your medical records in certain circumstances permitted by law, for example, if disclosure may cause a serious threat to your health or safety. We will always tell you why access is denied and the options you have to respond to our decision.
We will not transfer your personal information to an overseas recipient other than yourself.
The following will apply with regard to accessing personal and private medical information by an individual:
- – Requests for information prior to 20 December 2001 will be considered by the practice
- – Whilst the individual is not required to give a reason for obtaining the information, a patient may be asked to clarify the scope of the request;
- – In some instances the request to obtain information may be denied, in these instances the patient will be advised;
- – The material over which a Doctor has copyright might be subject to conditions that prevent or restrict further copying or publication without the Doctors permission;
- – Upon request by the patient, the information held by this clinic will be made available to another health provider.
PARENTS/GUARDIANS AND CHILDREN
To protect the rights of a child’s privacy, access to a child’s medical information may at times be restricted for parents and guardians. Release of information may be referred back to the treating Doctor where their professional judgement and the law will be applied.
COMPLAINTS
In the instance where you are dissatisfied with the level of service provided within the clinic we encourage you to discuss any concerns relating to the privacy of your information with the Practice Manager or your Doctor.
The management of Highgate Hill Doctors understands the importance of confidentiality and discretion with the way we manage and maintain the personal information of our patients. The Practice takes complaints and concerns about the privacy of patient’s personal information seriously. Patients should express any privacy concerns in writing. Please send your written concern addressed to :
The Practice Manager
Highgate Hill Doctors
196 Gladstone Road, Highgate Hill 4101
OR to email: manager@highgatehilldoctors.com.au
The Practice will then attempt to resolve it in accordance with its complaint resolution process.
All employees of Highgate Hill Doctors are required to observe the obligations of confidentiality in the course of their employment and are required to sign Confidentiality Agreements.
You may also contact the OAIC. Generally, the OAIC will require you to give them time to respond before they will investigate. For further information visit www.oaic.gov.au or call the OAIC on 1300 363 992.
POLICY REVIEW STATEMENT
This privacy policy will be reviewed regularly to ensure it is in accordance with any changes that may occur. We will notify you when we amend this policy by posting an update on our website.