This document, commonly called a privacy policy, outlines how we handle personal information collected (including health information) and how we protect the security of this information. It must be made available to anyone who asks for it and patients are made aware of this.
The collection statement informs patients about how their health information will be used including other organizations to which the practice usually discloses patient health information and any law that requires the particular information to be collected. Patient consent to the handling and sharing of patient health information should be provided at an early stage in the process of clinical care and patients should be made aware of the collection statement when giving consent to share health information.
In general, quality improvement or clinical audit activities for the purpose of seeking to improve the delivery of a particular treatment or service would be considered a directly related secondary purpose for information use or disclosure so we do not need to seek specific consent for this use of patients’ health information, however we include information about quality improvement activities and clinical audits in the practice policy on managing health information.(Refer Section 8 Accreditation and Continuous Improvement).
We inform our patients about our practice’s policies regarding the collection and management of their personal health information via:
“Your medical record is a confidential document. It is the policy of this practice to maintain security of personal health information at all times and to ensure that this information is only available to authorised members of staff.”
Doctors may be legally bound to disclose your information in certain situations such as for medical defence purposes and reporting communicable diseases. Records must also be disclosed under court orders, subpoenas, search warrants and Coroner’s Court cases.
Children and other dependent relatives also have the right to privacy of their health information. Access by other individuals (e.g. Parents, guardians, carers etc.) will be determined by medical and legal privacy requirements and each request for access will be addressed individually.
If research is conducted, then each patient provides informed consent for his/her personal health information to be released.
Your information may be stored on paper and/or in electronic formats.
It is the policy of this practice to protect your information from loss and unauthorised access, modification or disclosure.
Your information will be kept for at least as long after your last attendance as is legally necessary or required for administrative purposed. If your information is no longer needed after this time, it will be destroyed in a secure manner.
Although patients can request access to their personal health information verbally, we request that patients complete a Personal Health Information Request Form which outlines the type of information being requested, and in what format the patient requests to receive the information. Completion of this form ensures correct processing is undertaken and appropriate consent is obtained, particularly where the patient is requesting their information be sent to them through an unsecure method (e.g. e-mail).
You can ask to view your information or have a copy of all, or part, of your records. You are able to have incomplete or inaccurate information corrected. There are some circumstances, such as for legal reasons, where access to your information will be denied, but if this is the case, you will be advised of the reason.
For further information ask your GP. Usually information is available within 30 days of lodging a request form. Nominal administrative charges may apply.
If you have any questions about how we handle your personal health information, or need to arrange access to your records, please talk to your GP or one of our staff.
