- Practice Policy
- What personal information is being collected
- Use & Disclosure
- Access to Information
- Risk management
- Written consent
- Non written consent
At the Port Village & Mossman Medical Centres all doctors and staff are bound by the ethical and legal rules of privacy and confidentiality. There can be no deviation from these rules as legislation safeguards these rights and considerable penalties apply.
The Port Village & Mossman Medical Centres are committed to providing quality health care for its patients. As a health care provider in the private sector, the Port Village & Mossman Medical Centres is bound by the Australian Privacy Principles provided for in the Private Act 1988.
The Australian Privacy Principles set the standards by which we handle, collect, use, distribute and store personal information collected from our patients. A copy of these Principles is attached.
- All aspects of patients medical records are confidential ie. Name, address, telephone numbers, medical notes, investigations, reports, appointment details, past and present medications prescribed to you, referrals.
- All aspects of the business or corporate information of this Practice are confidential.
- All information relating to staff members and conditions of employment of this Practice are confidential.
- All staff sign a Confidentiality Agreement before commencing employment.
- It is the policy of this Practice that only non-medical staff sign a Privacy / Confidentiality Agreement. All medical staff are expected to comply with the Code of Ethics and/or Code of Conduct as determined by the relevant professional body.
2. Practice Policy
This practice has developed a policy to protect patient privacy and confidentiality in line with Federal privacy legislation. The practice policy informs the patient of:
2.1 What personal information is being collected.
- Health information is generally collected by the treating doctor during the course of the consultation. Ancillary health information may also be collected by medical administration staff both before and after the consultation.
2 Use and Disclosure
- A patient’s personal information is used or disclosed for primary purposes which directly relate to their on-going health care. In the interests of the highest quality and continuity of health care providers who comprise a patient’s medical team from time to time. Other personal information is required so the practice can contact patients for recall, billing and refund purposes.
- In general it is the policy of this practice that a patient’s health information will not be used for any other purposes, other than the primary purpose, without their consent. Health information may also be disclosed to specialist doctors and allied health professionals the treating doctor may refer you to in order to continue your health care.
- There are some necessary purposes of collection for which information will be used beyond providing health care, such as professional accreditation, quality assessments, clinical auditing. In these instances written consent for the collection of patient information will be obtained from the patient. Patients are requested to sign this Form when registering at the Practice. (see appendix 3)
- Ordinarily we will not release the contents of your medical file without your consent. However, there are circumstances where a medical practitioner is legally bound to disclose personal information without patient consent. Some examples are:
- There is a serious threat to anyone’s life or health;
- There is a suspected unlawful activity;
- Emergency situations;
- It would be unlawful to provide access, or denial is authorised by law;
- By law, doctors are sometimes required to disclose information for public interest reasons, eg mandatory reporting of some communicable diseases;
- Provision of information to Medicare or private health funds, if relevant, for billing and medical rebate purposes.
2.3 Access to information
- The Doctor (or Practice) owns the record (and copyright) created in that Practice, including specialist reports.
- Patients of this practice have the general rights of access to any information we hold. There are exceptions. We are happy to discuss these with the patient. Should the patient wish to access this information they are to contact the reception staff and ask for a brochure on Accessing Medical Records.
- Upon request (by the patient) a patient’s health information held by this practice will be made available to the patient.
- Requests for access should be acknowledge by the practice on receipt and the details provided within 30 days of the request for access being received.
- Requests for access may be declined where the Doctor believes that it may be contrary to the patient’s best interests and on-going treatment. However, the Doctor, with the patient’s consent, will release records to another medical practitioner of the patient’s choice. Acknowledge by the practice on receipt and the details provided within 30 days of the request for access being received.
- As part of our commitment to preserving the confidentiality of the information contained in the medical record of a patient we adhere to strict secure storage policies. Electronic records are accessible only by staff of this practice and are protected by a security password. Paper records are kept in secure filing cabinets or rooms and are accessible only by practice staff. Each member of staff understands the importance of doctor-patient confidentiality.
- A charge may be payable where the practice incurs costs in providing access. This will depend on the nature of the access.
- This practice acknowledges the right of children to privacy of their health information. Based on the professional judgement of the doctor and consistent with the law, it might at times be necessary to restrict access to personal health information by parents or guardians.
- A patient does not have to provide a written request for their records to be accessed under the Privacy legislation, however, the practice should include a dated note in the patient’s record stating what has been requested and what has been released.
- On occasion it is likely that external organisations will need to access our practice to allow us to maintain a functioning workplace. Further, it may be likely that the medical records kept on site will be viewed, for example, by IT contractors. Such contractors to this practice sign a confidentiality agreement, and where that external organisation provides service or advice to this practice, they will be bound by the terms of the confidentiality agreement.
- If a patient, at any time, has a query or complaint in relation to the privacy policies in place at this practice, their complaint must be made in writing and addressed to the Practice Manager, marked “private and confidential”. Upon receipt of the written complaint we will make our best endeavour to address complaints within 60 days of receipt of the complaint.
- When a patient requests information a Staff Checklist for each request will be commenced.
3. Risk Management
Carelessness is the biggest risk and staff should be aware of the potential breaches of confidentiality when:
- Speaking with others.
- Reading referral letters or doctors notes.
- Speaking too loudly on the phone.
- Releasing confidential details (paper hard copy and/or electronic).
- Discussing unnecessary information.
- Giving results over the phone.
- Leaving information visible on computer screens.
Doctors should be aware of the potential for breaches when:
- Discussing results and information.
- Speaking too loudly to patients.
- Discussing results with other doctors.
- Discussing results especially with relatives of adolescents and the frail.
Guidelines for Maintaining Confidentiality
- Keep charts turned over at front desk.
- Speak softly at front desk.
- Only discuss minimal information.
- Follow appropriate telephone procedures.
- Close treatment and consulting room doors.
- Physically separate patient from others if possible and as necessary.
- Close doors and use screens.
- Computer screens should not be able to be seen or be accessible to the public including couriers and visitors.
CAUTION: If confidentiality is breached a patient may have legal grounds for action for damages.
4. Written Consent
Written consent is needed for release of the following information:
- Medical record details.
- Deceased patients medical records need written consent from next of kin or executor of the Will before they can be released. Proof of identity will be required.
Written consent is also needed for any information to be given at the request of or for the purpose of:
- Legal representative (eg. Solicitor, lawyer, counsel, barrister)
- Social welfare
- Professional accreditation
- Clinical auditing
- Quality assessments
5. Non Written Consent
No consent is needed for information to be given in respect of:
- Subpoena for court
- Notifiable diseases for health department
- “Justifiable” emergency situations
NOTE: Only relevant and necessary information is to be given.
For further information and interpretation of the Federal Privacy Legislation, staff can ring the Federal Privacy Commissioner’s office
Privacy Hotline 1300 363 992