Date of policy: 20th October, 2015
Name of practice: Branyan Clinic, (“Practice”)
To ensure patients who receive care from the Practice are comfortable in entrusting their health information to the Practice. This policy provides information to patients as to how their personal information (which includes their health information) is collected and used within the Practice, and the circumstances in which we may disclose it to third parties.
RACGP Compliance indicators for the Australian Privacy Principles: an addendum to the computer and information security standards (Second edition).
Background and rationale
The APP provide a privacy protection framework that supports the rights and obligations of collecting, holding, using, accessing and correcting personal information. The APP consist of 13 principle-based laws and apply equally to paper-based and digital environments. The APP complement the long-standing general practice obligation to manage personal information in a regulated, open and transparent manner.
This policy will guide Practice staff in meeting these legal obligations. It also details to patients how the Practice uses their personal information. The policy must be made available to patients upon request.
The Practice will:
- provide a copy of this policy upon request
- ensure staff comply with the APP and deal appropriately with inquiries or concerns
- take such steps as are reasonable in the circumstances to implement practices, procedures and systems to ensure compliance with the APP and deal with inquiries or complaints
- collect personal information for the primary purpose of managing a patient’s healthcare and for financial claims and payments.
The Practice’s staff will take reasonable steps to ensure patients understand:
- What information has been and is being collected
- Why the information is being collected, and whether this is due to a legal requirement
- How the information will be used or disclosed
- Why and when their consent is necessary
- The Practice’s procedures for access and correction of information, and responding to complaints of information breaches, including by providing this policy.
The Practice will only interpret and apply a patient’s consent for the primary purpose for which it was provided. The Practice staff must seek additional consent from the patient if the personal information collected may be used for any other purpose.
Collection of information
The Practice will need to collect personal information as a provision of clinical services to a patient at the practice.
Personal information is information or an opinion, including information or an opinion forming part of a database, whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
Collected personal information will include patients’:
- names, date of birth, addresses and contact details
- Medicare number (where available) (for identification and claiming purposes)
- healthcare identifiers
- medical information including medical history, medications, allergies, adverse events,
- immunisations, social history, family history and risk factors.
Sensitive information, about an individual, means:
- Information that is health information about the individual, or
- Personal information about the individual that includes any of the following:-
- The individual’s ethnic origin;
- The individual’s religious beliefs;
- The individual’s sexual preferences or practices;
- The individual’s criminal record.
Health information, about an individual means:
- Personal information about the individual that includes any of the following –
- The individual’s health at any time;
- A disability of the individual at any time;
- The individual’s expressed wishes about the future provision of health services to the individual;
- A health service that has been provided, or that is to be provided, to the individual; or
- Personal information about the individual collected for the purpose of providing, or in providing, a health service; or
- Personal information about the individual collected in connection with the donation, or intended donation, by the individual of any of the individual’s body parts, organs or body substances.
A patient’s personal information may be held at the Practice in various forms:
- as paper records
- as electronic records
- as visual – x-rays, CT scans, videos and photos.
The Practice’s procedure for collecting personal information is set out below.
- Practice staff collect patients’ personal and demographic information via registration when patients present to the Practice for the first time.
- Patients are encouraged to pay attention to the collection statement attached to the form and information about the management of collected information and patient privacy.
- During the course of providing medical services, the Practice’s healthcare practitioners will consequently collect further personal information.
- Personal information may also be collected from the patient’s guardian or responsible person (where practicable and necessary), or from any other involved healthcare specialists.
The Practice holds all personal information securely, whether in electronic format, in protected information systems or in hard copy format in a secured environment.
The Practice is registered and has the compliant security software installed, with the future intention of using both the Independent Healthcare Identifiers (IHI’s) and the Personally Controlled Electronic Health Records (PCEHR) system.
This Practice utilises eTP service including AUSLAN, the National Relay Service (NRS) for patients that are deaf or the translation and Interpreter service (TIS) Doctors Priority Line (1300 131 450) for patients from a non English speaking background. Patients are notified of these services
Use and disclosure of information
Personal information will only be used for the purpose of providing medical services and for claims and payments unless otherwise consented to.