The provision of quality health care requires a doctor-patient relationship of trust and confidentiality. Consistent with our commitment to quality care this practice has developed a policy to protect patient privacy in compliance with privacy legislation, including the Privacy Act 1988 (Cth) and the Health Records (Privacy and Access) Act 1997 (ACT).
Our policy informs you:
- That we need your consent to collect information about you
- Why we need to collect your information
- How your information will be used by us and to whom we may need to disclose it
- That you may request access to the information we hold about you
- That you may discuss any concerns you have about how we handle your information.
- Your information
The personal information we collect about patients includes:
personal details, such as the patient’s name, address, date of birth and telephone number; and information specific to the services each patient requests from us (e.g. patient reports, x-rays and other medical images)
Information about a patient’s medical and family health history is needed to provide accurate medical diagnoses and appropriate treatment.
We will be fair in the way we collect information about our patients.
This information is generally collected from the patient and otherwise with the patient’s consent, however, from time to time we may receive patient information from others.
When this occurs we will make sure, wherever possible, that the patient is made aware we have received this information. Medical care requires full knowledge of patient health information by all members of a medical team.
To ensure quality and continuity of patient care a patient’s health information has to be shared with other healthcare providers from time to time.
Some information about patients is also provided to Medicare, and private health funds if relevant for billing and medical rebate purposes.
The doctors in this practice are members of various medical and professional bodies including medical defence organisations. There may be occasions when disclosure of patient information is required for medical defence purposes.
There are circumstances where a medical practitioner is legally bound to disclose personal information. An example of this is the mandatory reporting of communicable diseases.
It is necessary for us to keep patients’ information after their last attendance at this practice for as long as is required by law or is prudent, having regard to administrative requirements.
If a patient does not provide their personal information to us, or this information is not stored in our systems, we may be unable to provide the patient with the healthcare services they have requested. In such circumstances a patient’s practitioner, and any specialist practitioner required to assist them, may not have access to the information they require for diagnostic, treatment or other health advisory purposes.
A patient has a right to access their information. They may ask to view the information or ask for a copy of a part or of the whole record.
While not required to give reasons for their request, a patient may be asked to clarify the scope of the request. There are some circumstances in which access may be denied, but in such an event the patient will be advised of the reason.
A charge may be payable where the practice incurs costs in providing access. This will depend on the nature of the access. The material over which the doctor has copyright might be subject to conditions that prevent further copying or publication without a doctor’s permission.
If a patient finds that the information held on them is not accurate or complete, the patient may have that information amended accordingly. Upon request, a patient’s health information held by this practice will be made available to another health service provider.
Parents/guardians and children
The right of children to privacy of their health information, based on the professional judgement of the doctor and consistent with the law, might at times restrict access to this information by patients or guardians.
It is necessary for us to collect personal information from patients and sometimes others associated with their healthcare in order to attend to their health needs and for associated administrative purposes.
Health information is ‘sensitive information’ for the purposes of privacy legislation. This means that generally patients’ consent will be sought to collect health information that is necessary to make an accurate medical diagnosis, prescribe appropriate treatment and to be proactive in patient healthcare.
Use and disclosure
A patient’s personal health information is used or disclosed for purposes directly related to their healthcare and in ways that are consistent with a patient’s expectation.
In the interests of the highest quality and continuity of healthcare this may include sharing information with other healthcare providers who comprise a patient’s medical team from time to time.
In particular, we store patient reports and medical images on an electronic database which may be accessed by the practitioner who referred the particular patient to us and other specialist practitioners. This allows those parties responsible for providing each patient with health advisory and other services to have access to the necessary information as and when required.
Each patient’s personal information may also be accessed by service providers in the course of maintaining and ensuring the proper functioning of our data storage systems (including the electronic database maintained by us), or for the purpose of providing transcription services. These parties will only access a patient’s personal information to the extent necessary to ensure the proper functioning of our data storage systems or assist in the transcription of X-rays and other medical images.
In addition, there are circumstances when information has to be disclosed without patient consent, such as emergency situations. By law, doctors are sometimes required to disclose information for public interest reasons, e.g. mandatory reporting of some communicable diseases.
It may be necessary to disclose information about a patient to fulfil a medical indemnity insurance obligation. This could include provision of information to Medicare or private health funds, if relevant, for billing and medical rebate purposes.
In general a patient’s health information will not be used for any other purposes without their consent. There are some necessary purposes of collection for which information will be used beyond providing healthcare, such as professional accreditation, quality assessments, clinical auditing, billing and so forth.
All patient information held by this practice relevant to the functions of providing healthcare will be maintained in a form that is accurate, complete and up to date.
The storage, use and, where necessary, transfer of personal health information, will be undertaken in a secure manner that protects patient privacy. It is necessary for medical practices to keep patient information after a patient’s last attendance for as long as is required by law or is prudent having regard to administrative requirements.
This practice has made this and other material available to patients to inform them of our policies on management of personal information. On request this practice will let patients know, generally, what sort of personal information we hold, for what purposes, and how we collect, hold, use and disclose that information.
Access and correction
Patients may request access to their personal health information held by this practice by contacting our Patient Bookings Service on 1300 788 508.
Where necessary, patients will be given the opportunity to amend any personal information held that is incorrect. There are some circumstances in which access is restricted, and in these cases reasons for denying access will be explained.
A charge may be payable where the practice incurs costs in providing access. This practice acknowledges the right of children to privacy of their health information. Based on the professional judgement of the doctor and consistent with the law, it might at times be necessary to restrict access to personal health information by parents or guardians.
Upon request a patient’s health information held by this practice will be made available to another health service provider.
These are the numbers, letters or symbols that are used to identify patients with or without the use of a name (e.g. Medicare numbers). We will limit the use of identifiers assigned to patients by Commonwealth Government agencies to those uses necessary to fulfil our obligations to those agencies.
A patient has a right to be dealt with anonymously, provided this is lawful and practicable. However, in the medical context this is not likely to be practicable or possible for Medicare and insurance rebate purposes. It could also be dangerous to the patient’s health.
Trans-border data flows
We currently store patient information in Australia which is accessible to our overseas-based IT and other service providers. We take reasonable steps to ensure that our service providers handle patient information in accordance with Australian privacy law.
It is important to us that your expectations about the way in which we handle your information are the same as ours. Please do not hesitate to discuss any concerns, questions or complaints about any issues related to the privacy of your personal information by contacting our Patient Bookings Service on 1300 788 508. We will endeavour to respond to complaints within 14 days of receipt.
If you are still dissatisfied you can complain to the Office of the Australian Information Commissioner, whose contact details are:
175 Pitt Street
Sydney NSW 2000
GPO Box 5218
Sydney NSW 2001
Privacy Hotline: 1300 363 992