This is an extremely important code of ethical behaviour and must be maintained at all times by all staff. Blackwood Family Medical Centre is bound by the Federal Privacy Act 1998, the Australian Privacy Principles and the National Privacy Principles with the Health Records Act SA 1997. The legal requirements of confidentiality extend from the Practice Principal/s to all Clinicians and staff.
This policy outlines how this practice handles personal information collected (including health information) and how we protect the security of this information. The collection statements inform patients about how their health information will be used, including other organisations to which the practice usually discloses patient health information and any law that requires the particular information to be collected. Patient consent to the handling and sharing of their information should be provided at an early stage of clinical care.
For each patient, we have an individual patient health record (electronic) containing all clinical information held by our practice relating to that patient. The Practice ensures the protection of all information contained therein. Our patient health records can be accessed by an appropriate team member when required. We also ensure information held about the patient in different records (e.g. at a residential aged care facility) is available when required.
'Personal Health Information' refers to a particular subset of personal information and can include any information collected to provide a health service. This information includes medical details, family information, name, address, employment, and other demographic data, past medical and social history, current health issues and future medical care, Medicare number, account details, and any health information such as a medical or personal opinion about a person’s health, disability, or health status. It includes the formal medical record, whether written or electronic, and information held or recorded on any other medium (e.g. letter, fax, or electronically) or conveyed verbally.
Our practice informs our patients about our policies regarding the collection and management of their personal health information via:
Our practice has a designated person, the practice manager, with the primary responsibility for the practice’s electronic systems, computer security and adherence to protocols as outlined in our Computer Information Security Policy. This responsibility is documented in the Position Description. Tasks may be delegated to others and this person works in consultation with the privacy officers.
The privacy officers act as liaison for all privacy issues, patient requests for access to their personal health information, and any staff members’ queries or concerns regarding Privacy laws (Commonwealth Privacy Act - Privacy Amendment (Privacy Sector) Act 2000 or Health Records Act SA 1997).
The Privacy officer is responsible for ensuring compliance with relevant Privacy principles and legislation, and for developing and maintaining our written protocols.
Patients’ medical records are medico-legal documents and are not to be left where they could be viewed by others, especially on the reception desk.
Any paperwork left on the reception desk, which is still in process, MUST be placed face-down, to ensure the name and details are not visible to others.
Doctors do not leave any information on their desks which may be viewed by unauthorised parties.
All staff are required to lock their computers when leaving their desk, irrespective of how long they will be away.
Patient diagnoses, results and history should not be disclosed around other patients and are only to be discussed amongst those who “need to know”.
Patient information is not to be disclosed to family members or any other party, unless the patient has authorised this and the authorisation is documented in the patient’s medical record.
Under no circumstances are employees of this practice to discuss or in any way reveal patient conditions or documentation to unauthorised staff, other patients, family, or friends, whether within this practice or outside it, such as at home or on social occasions. This also includes patient accounts, referral letters or other clinical documentation.
All staff at Blackwood Family Medical Centre are aware of the Confidentiality and Privacy of Personal Health Information Policy and have signed a privacy agreement as a part of their terms and conditions of employment. This privacy statement continues to be binding on employees even after their employment has been terminated.
We require patient consent to collect and use information about them. This will be done when the patient joins the surgery by completing and signing our new patient form and consent form. The patient can revise their consent at any time by speaking with our Practice Manager or the patient’s treating doctor/nurse.
Employees of Blackwood Family Medical Centre will not discuss or in any way reveal patient conditions or documentation to unauthorised staff, colleagues, other patients, family, or friends, whether at this practice or outside it, such as in the home, or at social occasions or in social media. This includes patient accounts, referral letters or other clinical documentation.
General Practitioners and staff are aware of confidentiality requirements for all patient encounters and recognise that significant breaches of confidentiality may provide grounds for disciplinary action or dismissal.
Our practice collects personal and health related information for the primary purpose of providing comprehensive, ongoing, holistic medical care to individuals and families in accordance with accepted, high quality general medical practice.
The minimum personal and health details we require to be able to provide the patient with safe medical care include:
To assist us in providing the patient with the best possible care the patient will also be asked for information about:
Consent for:
Other than as described in this Policy or permitted under the National Privacy Act, Blackwood Family Medical Centre uses its reasonable endeavours to ensure that identifying health information is not disclosed to any person. Some of this information will be used for directly related reasons such as providing a referral to a specialist, hospital, or other health service.
We may also use information within the practice for our own quality assurance, to provide the patient with reminder letters, to inform the patient of health-related issues or programs which may be of interest, and for accounting purposes, including Medicare billing. Information may also be provided to maintain national health databases, particularly for childhood immunisations.
Blackwood Family Medical Centre acknowledges that patients may request to access their medical records. Patients are encouraged to make this request in writing, and Blackwood Family Medical Centre will respond within a reasonable time.
Blackwood Family Medical Centre will take reasonable steps to correct personal information where it is not accurate or up to date. Blackwood Family Medical Centre may also ask patients to verify that the personal information held by the practice is up to date and correct. Patients may also request to have their personal information corrected or brought up to date by the practice, through a written request.
Blackwood Family Medical Centre takes complaints and concerns about the privacy of patients’ personal information seriously. Patients should express any privacy concerns in writing and Blackwood Family Medical Centre will then attempt to resolve them in accordance with its complaint resolution procedure.
Our patient records are maintained in a secure, onsite computer system. The information recorded is protected by an individual password system and is accessible only to authorised personnel. Our practice has a designated person with primary responsibility for the practice’s electronic systems, computer security and adherence to protocols as outlined in our Computer Information Security Policy. This responsibility is documented in the Position Description. Tasks may be delegated to others and this person works in consultation with the Practice Manager.
Records will be retained for at least 7 years after the last encounter in the case of adults and, for children, until they have attained the age of 25 years. Paper-based information that is no longer required is destroyed by shredding.
All authorised practice doctors and staff have access to the patient’s information. If the patient consults different doctors, they all have access to the record unless the patient specifically requests otherwise. At times, we write to our patients about health-related matters and reminders for follow-up appointments. The patient’s name can be removed from such lists if required.
Blackwood Family Medical Centre, in partnership with our bank, ensures the increased protection that the Secure Code Service delivers. As we are a Business customer, we have nominated one work landline phone number / one mobile phone number to receive the Secure Code.
To keep our information secure, our bank safeguards our systems in the following ways:
Doctors, allied health practitioners, all staff and contractors associated with this Practice have a responsibility to maintain the privacy of personal health information and related financial information. The privacy of this information is every patient’s right. The maintenance of privacy requires that any information regarding individual patients, including staff members who may be patients, may not be disclosed either verbally, in writing, in electronic form, by copying either at the Practice or outside it, during or outside work hours, except for strictly authorised use within the patient care context at the Practice or as legally directed.
All patient information must be considered private and confidential, even that which is seen or heard and therefore is not to be disclosed to family, friends, staff, or others without the patient’s approval. Sometimes details about a person’s medical history or other contextual information such as details of an appointment can identify them, even if no name is attached to that information. This is still considered health information and as such it must be protected under the Federal Privacy Act 1998.
Any information given to unauthorised personnel will result in disciplinary action and possible dismissal. Each staff member is bound by his/her privacy clause contained within the employment agreement which is signed upon commencement of employment at this Practice.
Personal health information should be kept where staff supervision is easily provided and kept out of view and access by the public, e.g. not left exposed on the reception desk, in the waiting room or other public areas, or left unattended in consulting or treatment rooms.
Practice computers and servers comply with the RACGP computer security checklist, and we have a sound backup system and a contingency plan to protect the practice from loss of data. (Refer to Computer Information Security Policy.)
Care should be taken that the general public cannot see or access computer screens that display information about other individuals. To minimise this risk, automated screen savers are engaged when members of the practice team have different levels of access to patient health information. (Refer to Computer Information Security Policy.) To protect the security of health information, GPs and other practice staff do not give their computer passwords to others in the team.
Reception and other Practice staff should be aware that conversations in the main reception area can often be overheard in the waiting room and as such staff should avoid discussing confidential and sensitive patient information in this area. When sensitive documentation is discarded, the practice uses an appropriate method of destruction (e.g. shredding, or computer drives, memory sticks etc. are reformatted).
Periodically, or in the event of an incident or complaint relating to privacy matters, our Practice will conduct a review of privacy policies and procedures. At this time, the privacy officer will review the following items:
The privacy officer will:
The Privacy Amendment (Sector) Act 2000 extends the operation of the Privacy Act 1988 to cover the private health sector throughout Australia.
The Privacy Act requires our practice to abide by the 13 Australian Privacy Principles (APPs):
Resources: