Privacy policy

PRIVACY POLICY FOR TOP RYDE MEDICAL CENTRE
National Privacy Principle 5 requires our practice to have a document that clearly sets out its policies on handling personal information, including health information. Our privacy policy outlines how we collect, store, use and disclose patient information and is available on request. Our staff is educated on the 10 National Privacy Principles. (www.privacy.gov.au) and signed a confidentiality agreement.

CONTENTS OF THIS POLICY INCLUDE
1. Privacy
2. Appointment Privacy Officer
3. Informing new patients
4. Patient access to their personal health information
5. Alteration of patient records
6. Access to personal health information by practice staff for the purposes of research, professional development and quality assurance/improvement
7. Confidentiality agreements
8. Disclosure to third parties
9. Requests for personal health information by practice staff for the purposes of research, professional development and quality assurance/improvement
10. Confidentiality agreements
11. Disclosure to third parties
12. Requests for personal health information and medical records by other medical practices
13. Security
14. Complaints about privacy related matters
15. Retention of medical records
16. Staff training

This policy:
• Is derived from the template provided by the RACGP for use in General Practice
• Is consistent with the National privacy Principles for the Fair Handling of Personal information in the Federal Privacy Act 1988 as amended.
• Produced using information from AGPAL

This policy incorporates but is limited to, the patient health record, Medicare & DVA data, billing and accounting records, pathology and radiology results, medical certificates, incoming and outgoing correspondence from hospitals, other doctors and allied health professionals.

1. Privacy Officer: Top Ryde Medical Centre has appointed our Practice Manager as the Privacy Officer who is responsible for formulating and implementing, monitoring and promoting our privacy policy. We inform our patients about our practice’s policies regarding the collection and management of their personal health information via:
• New patients forms
• Our patient information sheet
• Verbally if appropriate

2. Privacy: Personal health information is defined as information concerning a patient’s health, medical history, or past or present medical care; and which is in form that enables or could enable the patient to be indentified.It includes information about an individual’s express wishes concerning current and future health services.

All GPs and practice staff will ensure that patients can discuss issues relating to their health, and that the GP can record relevant personal health information, in a setting that provides visual privacy and protects against any conversation being overhead by a third party.

Staff will not enter a consultation room during a consultation without knocking or otherwise communicating with the GP.

Staff, registrars etc. will not be present during the consultation without the prior permission of the patient.

If at all possible distressed patients will offered an area away from others before or after consultation as required.

3. Informing new patients: New patients will be given the practice information sheet about the practice information policy.

New patients will be required to fill and sign the New Patient Details and Consent form. Assistance will be offered to patients who are unable to complete the from and verbal consent will be obtained and noted in the electronic health record. Parents or guardians to give consent for children.
In order to provide a quality service and to ensure optimal ongoing management of our patient’s health, we are required to collect and securely store identifying details and medical history. Where possible, information is collected directly from the patient.

Practice staff will ensure that information about personal privacy are available in waiting room and at practice reception.

4. Patient access to their personal health information: Under privacy legislation provisions all patients have the right to access their health information stored at the practice. The treating doctor will provide an up to date and accurate summary of their health information on request or whenever appropriate.

The treating doctor will consider all request made by a patient for access to their medical record. In doing so the GP will need to consider the risk of any physical or mental harm resulting from the disclosure of health information.

If the doctor is satisfied that the patient may safely obtain the record then he/she will either show the patient the record, or arrange for provision of a photocopy, and explain the contents to the patient.
Any information that is provided by others (such as information provided by a referring medical practitioner or another medical specialist) is part of the health record and can be accessed by the patient.Ocassionally the patient may be referred to the treating specialist for access to their letters.

5. Alteration of patient records: This practice will alter personal health information at the request of the patient when the request for alteration is straightforward (e.g. amending an address or telephone number).

With most requests to alter or correct information, the General Practitioner will annotate the patient’s record to indicate the nature of the request and whether the GP agrees with it.For legal reasons, the doctor will not alter or erase the original entry.

6. Access to personal health information by practice staff for the purposes of research, professional development and quality assurance/improvement: New patients will also be informed that the practice undertakes research, professional development, and quality assurance/improvement activities from time to time, to improve individual and community health care and practice management.
Patients will be advised of the ways in which the practice undertakes ‘recall’ and ‘follow-up’ activities, verbally via the GP, the Practice Information Sheet and on the patient consent form. Patients are informed that they can opt out of the reminder system via recall letter and on consent form. The consent form will be scanned in to the patient’s health record.
Should this medical centre decide to stop a recall or reminder system, it will write to each person on the system at their last known address, and advise them that the system will be ceasing.

7. Confidentiality agreements: In order to protect personal privacy, this practice has staff, including temporary or casual; IT Support providers sign a confidentiality agreement.

8. Disclosure to third parties: GPs and staff will ensure that personal health information is disclosed to third parties only where consent of the patient has obtained. Exceptions to this rule occur, when the disclosure is necessary to manage a serious and imminent threat to the patient’s health or welfare, or is required by law.

The GP will refer to relevant legislation and the maturity of the patient before deciding whether the patient (in this case a minor) can make decisions about the use and disclosure of information independently (i.e. without the consent of a parent or guardian).For example, for the patient to consent to treatment, the GP must be satisfied that the patient (a minor) is aware and able to understand the nature, consequences and risks of the proposed treatment. This patient is then also able to make decisions on the use and disclosure of his or her health information.

GPs will explain the nature of any information about the patient to be provided to other people, for example, in letters of referral to hospitals or specialists. The patient consents to the provision of this information by agreeing to take the letter to the hospital or specialist, or by agreeing for the practice to send it.

GPs and staff will disclose to third parties only that information which is required to fulfil the needs of the patient.

These principles apply to the personal information provided to a treating team (for example, a physiotherapist or consultant physician also involved in a person’s care).

Information classified by a patient as restricted will not be disclosed to third parties without the explicit consent of the patient.GPs will make a contemporaneous note when such permission is given.
Information disclosed to Medicare or other health insurer is limited to the minimum required to obtain insurance rebates.

Information supplied in response to a court order will be limited to the matter under consideration by the court.
From time to time GPs will provide their medical defence organisation or insurer with information, in order to meet their insurance obligations.

9. Requests for personal health information and medical records by other medical practices: This medical centre engages an after-hours service to provide care, and ensures that this service which is National Home Doctor has emergency contact details for the patient’s usual doctor. A copy of after-hours consultation is faxed to our practice as soon as practicable and scanned into the patient’s health record.

If a patient transfers away from the practice to another GP, and the patient request that the medical record be transferred, the existing GP will provide the record, a summary, or a photocopy to the new treating GP.

This medical centre will seek written permission from the patient for the provision of personal health information to another medical practice. This permission will be scanned health record.

10. Security: General Practitioners, Practice Staff and contractors will protect personal health information against unauthorised access, modification or disclosure and misuse and loss while it is being stored or actively used for continued management of the patient’s health care.
Staff will ensure that patients, visitors and other health care providers to the practice do not have unauthorised access to the medical record storage area or computers.

Staff will ensure that records, pathology test results, and any other papers or electronic devices containing personal health information are not left where they may be accessed by unauthorised persons.
Non-clinical staff will limit their access to personal health information to the minimum necessary for the performance of their duties.

Fax, email and telephone messages will be treated with security equal to that applying to medical records.

Computer screens will be positioned to prevent unauthorized viewing of personal health information. Password-protected screen-savers are used to ensure computers left unattended, cannot be accessed by unauthorized persons.

General practitioners and staff will ensure that personal health information held in the practice is secured against loss or alteration of data.

Patient records will not be removed from the practice. Manual medical records and other papers containing personal health information will be filed promptly after each patient contact.
Staff will ensure that manual and electronic records, computers, other electronic devices and filing areas are secured at the end of each day and that building is locked when leaving.
The data on the computer system will be backed up daily on the USB and will be stored off site. Backups should be routinely tested to ensure daily duplication processes are valid and retrievable.

11. Complaints about privacy-related matters: Complaints about privacy-related matters will be addressed in the same way as other complaints. This procedure is outlined in the complaints policy contained within the practice policy and procedure manual.

12. Retention of medical records: It is the policy of the practice that individual patient medical records be retained until the patient has reached the age of 25 or for a minimum of 7 years from the time of last contact, whichever is longer. No record will be destroyed at any time without the permission of the treating GP or of the authorized GP in the practice.

13. Staff Training: All staff will receive training during induction, of the practices health information record policy. Changes to legislation will be monitored by the Privacy officer and passed onto staff and patients as deemed appropriate.