Privacy Policy - Managing Patient Health Information
Definitions:
“Living Rock Medical Centre” means Living Rock Healthcare Services Pty Ltd as trustee the Living Rock Health Care Services
“APPs” means the Australian Privacy Principles.
“Privacy Act” means Privacy Act 1988 (Cth)
“ Practice” Living Rock Medical Centre
“Staff” means all employees, contractors, & healthcare providers at Living Rock Medical Centre
Purpose
The purpose of this policy document is to ensure patients who receive care from Living Rock Medical Centre are comfortable in entrusting their personal information to the Practice.
This policy document provides information to patients as to how their personal information (which includes their health information) is collected and used within Living Rock Medical Centre, and the circumstances in which we may disclose it to third parties.
Background and rationale
Both the Act & APPs provide privacy protection frameworks that support the rights and obligations of collecting, holding, using, accessing and correcting personal information. There are 13 principle-based laws in the APPs and these apply equally to paper-based and digital environments. The APPs complement the long-standing general practice obligation to manage personal information in a regulated, open and transparent manner.
This policy document will guide Living Rock Medical Staff in meeting these legal obligations. It also discloses to patients how Living Rock Medical Centre collects & uses their personal information.
The policy document must be made available to patients upon request and at no charge. In addition, a copy of this policy will be placed on Living Rock Medicare Centre website.
Practice procedure
Living Rock Medical Centre will:
• Provide a copy of this policy to a patient who requests for it.
• Ensure that all Staff comply with the APPs and appropriately handle all inquiries or concerns.
• Put in place reasonable steps in order to implement practices, procedures and systems to ensure compliance with the APPs and attend to all inquiries or complaints.
• Collect personal information for the main purpose of managing a patient’s healthcare, billing and receiving payments for services provided to patients.
Staff responsibility
Our Staff will take reasonable steps to ensure patients understand the following:
• What patient information has been and is being collected.
• Why the information is being collected, and whether this is due to a legal requirement.
• How the information will be used or disclosed.
• Why and when a patient’s consent is necessary.
• The procedures for patients to access and correct information, and for responding to complaints of information breaches, including by providing a copy of this policy document.
Patient consent
Living Rock Medical Centre will only use a patient’s consent for the purpose for which it was provided. Our Staff must seek additional consent from the patient if the personal information collected may be used for any other purpose.
Collection of information
Collection of personal information by our practice is an integral part of providing our patients with holistic clinical healthcare services. Living Rock Medical Centre may share such personal information with other healthcare providers so as to provide high quality healthcare services and also for continuity of healthcare.
The Personal information to be collected will include patients’ -
• Names, addresses and contact details.
• Medicare number &/or health insurance information (where required) (for identification and claiming purposes).
• Healthcare identifiers.
• Medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors.
A patient’s personal information may be held at our Practice in various forms including:
• As paper records.
• As audio recordings
• As electronic records.
• As visual records – for example x-rays, CT scans, videos and photos.
Procedures for collecting personal information are as follows:-
• Patients’ personal, health and demographic information are collected using our new patient registration form when patients present to our Practices for the first time. All new patients are requested to complete our New Patient Registration Form. Patients are encouraged to pay close attention to the collection statement included on this form & also the relevant statements about how such information is used and what patients can do if they have concerns about the way we manage their personal information.
• During the course of providing medical services, our Practice’s healthcare providers will also collect further personal information.
• Personal information may also be collected from the patient’s guardian or responsible person (where practicable and necessary), or from any other healthcare provider who is involved in the patient’s health care.
The Practice holds all personal information securely, whether in electronic format, in protected information systems or in hard copy format in a secured environment.
Uses of personal information
Personal information will only be used for the purpose of providing medical services and for managing the billing and receipting processes associated with the cost of the patients’ healthcare unless otherwise consented to. Sometimes, patients’ information may be used in de-identified form for research purposes.
Disclosure of personal information
Unless otherwise consented to, personal information will only be disclosed for the purposes outlined below:
Patients’ personal information will be disclosed for the purposes of providing medical services and for managing the billing and receipting processes associated with the cost of the patient’s healthcare unless otherwise consented to.
Some disclosure may also occur to third parties engaged by or for our Practice for business purposes such as accreditation, research & education, risk management or for the provision of information technology services.
In the case of disclosure for research & educational purposes, any personal information that is disclosed will be in a de-identified format unless otherwise consent to.
Moreover, such disclosure may occur for the purposes of updating patients’ centralised digital medical records as part of myhealth record system or for the purposes of electronically requesting diagnostic tests or ordering prescriptions (eTP). Third parties to whom such personal information is disclosed are also required to comply with this Privacy Policy. In some cases, there also may be a statutory requirement for Living Rock Medical Centre to disclose personal information to third parties (for example, some diseases require mandatory notification). Where this is the case our Practices will inform the patient accordingly. Our Practice will not disclose personal information to any third party other than as outlined above, without full disclosure to the patient or to the recipient, of the reason for the information transfer and with the full consent from the patient.
Living Rock Medical Centre will not disclose personal information to anyone outside Australia without need and without the patient’s consent.
Personal information may be disclosed without patient’s consent in the following situations listed below:
• Required by law.
• Necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent.
• To assist in locating a missing person.
• To establish, exercise or defend an equitable claim.
• For the purposes of a confidential dispute resolution process.
Living Rock Medical Centre will not use any personal information in relation to direct marketing to a patient without that patient’s express consent. Patients may opt-out of direct marketing at any time by notifying the Practice via a letter or email. Our Practice evaluate any unsolicited personal information they may receive to decide if it should be kept, acted on or destroyed. In reaching such decision our staff will comply with the APPs.
How do we act to protect and retain your personal information
We ensure that our information systems and clinical records are secured from unauthorised access. Our staff and others who work with us are aware of the legal obligations in respect to confidentiality and the importance we place on protecting your privacy.
We take steps to securely store Personal information which include electronic and physical measures, staff training and use of password protection software. All personal information received from you will be stored as per our standards policies and procedures for the safe and secure storage of patient information in accordance to Australian Privacy Act
We retain our files for at least seven years after the matter has been completed and the file is closed. However, information filed in our electronic files may be retained indefinitely.
Your personal information may also be retained for longer periods if we consider it necessary to do so or to comply with any applicable law or our insurance, governance obligations in our IT back-up records, for the collection of any money owed or to resolve disputes.
Access & corrections and privacy concerns
Living Rock Medical Centre acknowledge that patients have a right to request access to their personal information that is held by us. Patients are encouraged to make this request in writing, and the Practice will respond within a reasonable time frame & no later than within 30 days of receiving such a request. Patients should note that in certain circumstances as set out in the APPs, we do have the right to refuse to give patients access to their personal information. The patient will be provided the reason for the refusal.
Where a patient wishes to be provided with a copy of their personal information, then such request should be provided in writing. The Practice has the right to charge a fee for providing a patient with a copy of their personal information with the provision that such fee is reasonable and commensurate with the cost to the Practice in providing such information
The Practice will take reasonable steps to correct personal information where it is satisfied the personal information is not accurate or up to date.
If a patient feels that their personal information may be inaccurate and needs to be corrected or if they feel their personal information needs to be updated they should address their request in the first instance to the Practice Manager of Living Rock Medical Centre, 55 Hunter Street, Mildura VIC 3500.
From time to time, Living Rock Medical Centre may ask patients to verify that the personal information held by the Practice is correct and up to date.
Privacy concerns & complaints
Living Rock Medical Centre takes patients’ complaints and concerns seriously regarding the privacy of patients’ personal information. Patients should express any privacy concerns in writing to our practice manager. The Practice manager will then attempt to resolve it in accordance with our obligations under the Act and within a reasonable time frame & no later than within 30 days after the complaint is made to our Practice.
If a patient feels that their complaint about the privacy of their personal information has not been adequately addressed by the Practice they are encouraged to refer the matter to the Federal Privacy Commissioner at:-
Office of the Australian Information Commissioner (OAIC)
GPO Box 5218 Website: www.oaic.gov.au
Sydney NSW 2001 Privacy hotline: 1300 363 922
Changes to Privacy Policy
Living Rock Medical Centre reserves the right to modify or change our Privacy Policy when deemed necessary and the update version of the policy shall be made available on our website.
Further Information
This Privacy Policy is designed to show how Living Rock Medical Centre aims to comply with the Privacy Act and the APPs. Persons who would like to know more about the Privacy Act and /or the APPs should contact the office of the Australian Information Commissioner at:
Phone: 1300 363 992
Website: www.oaic.gov.au
Email: enquiries@oaic.gov.au
Write: GPO Box 5218, Sydney NSW 2001
OR
Office of the Health Services Commissioner
Victoria - 1300582113