Unique Medical takes its obligations under the Victorian Health Records Act 2002 and the Commonwealth Privacy Act 1988 seriously and would like to take all reasonable steps in order to comply and protect the privacy of the personal information that we hold. This document outlines how we intend to do so.
Collection of Information
The main reason Unique Medical collects information from you is so that we may properly assess, diagnose, treat your illnesses properly and be proactive in your health care needs. Information we collect may include your contact details and personal medical history. Some information we collect is in order to comply with our legal obligations (e.g. Mandatory Reporting or Accreditation requirements). All members of the professional team involved in your care will have access to your personal information.
This means we may use and disclose the information you provide in the following ways:
- Disclosure to others involved in your health care, including doctors and specialists outside this practice who may become involved in treating you, pathology services, radiology services and in emergency situations. This may occur through referral to other doctors or specialists, or for medical tests and in the reports or results returned to us following the referrals.
- By law, doctors are sometimes required to disclose information for public interest reasons e.g. mandatory reporting of communicable diseases.
- Disclosure to enable recording on medical registers to improve community health care (for example the diabetes register or Pap smear register).
- Administrative purposes in running our medical practice, including our insurer or medical indemnity provider, and quality assurance and accreditation bodies.
- Billing purposes, including providing information to Medicare and other organisations responsible for the financial aspects of your care.
- Conducting medical research. You will be informed when such activities are being conducted and your involvement will only take place if you provide express signed consent for each program.
- Assisting with training and education of other health professionals. You will be informed when such activities are being conducted and your involvement will only take place if you provide express consent to your medical practitioner for each program.
In most cases we will obtain the information directly from you or your treating doctors. You are not obliged to give us your personal information, however this may mean that we may not be able to provide you with the full range of our services.
Information Quality and Security
Our goal is to ensure that your information is accurate, complete and up-to-date. To assist us with this, please contact us if any of the details you have provided have changed or if you believe the information we have is not accurate, not complete or not up-to- date.
The storage, use and, where necessary, the transfer of personal health information will be undertaken in a secure manner that protects patient privacy. We will take appropriate measures to protect electronic materials stored and generated in hard copy. It is necessary for medical practices to keep patient information after a patient’s last attendance for as long as required by law or is prudent having regard to administrative requirements.
Treatment of Children
The rights of children to the privacy of their health information, based on the professional judgement of the doctor and consistent with law, might restrict access to the child’s information by parents or guardians.
Access to Health Records Policy
The purpose of this Policy is to set out how Unique Medical Centre will provide access to your personal information. The Policy is part of our Privacy Unique Medical Centre will provide access by allowing you to inspect, take notes of or receive copies or printouts of the personal information that Unique Medical Centre holds about Patients can request in writing a copy of their medical records in the clinic by completing a request form a fee will be charged. You can make your request in writing by filling out the form supplied by us.
To obtain access you will have to provide proof of your identity. This is necessary to ensure that personal information is provided only to the correct individuals and that the privacy of others is not undermined. We will take all reasonable steps to provide access within 14 days of your request. For the transfer of medical records to another medical practice, we will require the patient to sign a transfer of medical history request that is provided by the other practice and fax it to us.
Costs and charges
There is no fee to lodge a request for access. Unique Medical Centre will, where required, charge a reasonable fee to cover administrative costs such as photocopying. There are limits to the fees we can charge and these are prescribed in the Health Records Act 2002 (Vic).
A fee will be charged for the doctor’s time spent perusing the notes or explaining them directly to the patient, or rewriting incomprehensible records, in accordance with fees suggested within the Victorian Health Records Act and the Health Records Regulations or Freedom of Information legislation. These charges, cannot be claimed on Medicare or Health Funds.
When will Access be denied?
Access will be denied if:
- The request does not relate to the personal information of the person making the request
- Providing access would pose a serious and imminent threat to life or health of a person
- Providing access would create an unreasonable impact on the privacy of others;
- The request relates to legal proceedings between Unique Medical Centre and you;
- Providing access would prejudice negotiations with the individual making the request; Access would be unlawful; Denial of access is authorised or required by law; Access would prejudice law enforcement activities;
- Access discloses a ‘commercially sensitive’ decision making process or information; or
- Any other reason that is provided for in the Health Privacy Principles (HPPs) set out in the Victorian Health Records Act and the National Privacy Principles (NPPs) set out under the Commonwealth Privacy Act.
Where possible, Unique Medical Centre will favour providing access. It may do so by providing access to the appropriate parts of, and not the entire record.
If you have any complaints about our privacy practices or wish to make a complaint about how your personal information is managed, please contact the Practice Manager. All complaints will be dealt with fairly and as quickly as possible. We prefer that your complaint is in writing. You may write to the Practice Manager 100-106 High St Cranbourne 3977 or alternatively email to [email protected]
If you are dissatisfied with the outcome of our handling of your complaint, you may contact the Victorian Health Services Commissioner on Free call 1800 136 066 or visit the website www.health.vic.gov.au/hsc or the Federal Privacy Commissioner.
Confidentiality and Privacy of Health Information –
This practice is bound by the Federal Privacy Act (1988) and National Privacy Principles and complies with the Victorian Health Records Act (2001).
‘Personal health information’ a subset of personal information and can include any information collected to provide a health service.
This information includes medical details, family information, name, address, employment and other demographic data, past medical and social history, current health issues and future medical care, Medicare number, accounts details and any health information such as a medical or personal opinion about a person’s health, disability or health status.
It includes the formal medical record whether written or electronic and information held or recorded on any other medium e.g. letter, fax, or electronically or information conveyed verbally.
Our Security policies and procedures regarding the confidentiality of patient health records and information are documented and our practice team are informed about these at induction and when updates or changes occur.
The practice team can describe how we correctly identify our patients using 3 patient identifiers, name, date of birth, address or gender to ascertain we have the correct patient record before entering or actioning anything from that record.
For each patient we have an individual patient health record containing all clinical information held by our practice relating to that patient. The Practice ensures the protection of all information contained therein. Our patient health records can be accessed by an appropriate team member when required.
This policy applies to all employees and patients.
The Practice will provide a copy of this policy upon request. Ensure staff comply and deal appropriately with inquiries or concerns
Take such steps as are reasonable in the circumstances to implement practices, procedures and systems to ensure compliance with the APP and deal with inquiries or complaints
Collect personal information for the primary purpose of managing a patient’s healthcare and for financial claims and payments
Doctors, allied health practitioners and all other staff and contractors associated with this Practice have a responsibility to maintain the privacy of personal health information and related financial information. The privacy of this information is every patient’s right.
The maintenance of privacy requires that any information regarding individual patients, including staff members who may be patients, may not be disclosed either verbally, in writing, in electronic form, by copying either at the Practice or outside it, during or outside work hours, except for strictly authorised use within the patient care context at the Practice or as legally directed.
There are no degrees of privacy. All patient information must be considered private and confidential, even that which is seen or heard and therefore is not to be disclosed to family, friends, staff or others without the patient’s approval. Sometimes details about a person’s medical history or other contextual information such as details of an appointment can identify them, even if no name is attached to that information. This is still considered health information and as such it must be protected under the Privacy Act.
Any information given to unauthorised personnel will result in disciplinary action and possible dismissal. Each staff member is bound by his/her privacy clause contained with the employment agreement which is signed upon commencement of employment at this Practice.
Personal health information should be kept where staff supervision is easily provided and kept out of view and access by the public e.g. not left exposed on the reception desk, in waiting room or other public areas; or left unattended in consulting or treatment rooms.
Care should be taken that the general public cannot see or access computer screens that display information about other individuals. To minimise this risk automated screen savers are engaged.
Members of the practice team have different levels of access to patient health information. To protect the security of health information, GPs and other practice staff do not give their computer passwords to others in the team.
Reception and other Practice staff should be aware that conversations in the main reception area can often be overheard in the waiting room and as such staff should avoid discussing confidential and sensitive patient information in this area.
Whenever sensitive documentation is discarded the practice uses an appropriate method of destruction by MDS (secure shredding services).
Electronic information is transmitted over the public network in an encrypted format using secure messaging software. Where medical information is sent by post the use of secure postage or a courier service is determined on a case by case basis.
Incoming patient correspondence and diagnostic results are opened by a designated staff member.
Items for collection or postage are left in a secure area not in view of the public.
Facsimile, printers and other electronic communication devices in the practice are in areas that are only accessible to the general practitioners and other authorised staff. Faxing is point to point and will therefore usually only be transmitted to one location
All faxes containing confidential information are sent to fax numbers after ensuring the recipient is the designated receiver.
Confidential information sent by fax has Date, Patient Name, Description and Destination recorded in a logbook.
Write, “Confidential” on the fax coversheet
Check the number dialled before pressing ‘SEND’
Keep the transmission report produced by the fax as evidence that the fax was sent. Also confirm the correct fax number on the report.
Faxes received are managed according to incoming correspondence protocols.
The practice uses a fax disclaimer notice on outgoing faxes that affiliates with the practice.
“This facsimile is intended for the exclusive use of the person, firm or corporation to which it is addressed and may contain information that by law is privileged or confidential. If the reader of this fax is not the intended recipient, you are hereby notified that law prohibits any disclosure, distribution or copying of this transmission and the contents must be kept strictly confidential. If you have received this facsimile in error, kindly notify us immediately by telephone and return the original document to the address above. Thank you.”
Patient privacy and security of information is maximised during consultations by closing consulting room doors. All Examination beds, including those in the treatment room, have curtains or privacy screens.
- When, consulting, treatment room or administration office doors are closed prior to entering staff should either knock and wait for a response or alternatively contact the relevant person by internal phone or email.
- Where locks are present on individual rooms these should not be engaged except when the room is not in use
- It is the doctor’s/health care professional’s responsibility to ensure that prescription paper, sample medications, medical records and related personal patient information is kept secure, if they leave the room during a consultation or whenever they are not in attendance in their consulting/treatment room.
The physical medical records and related information created and maintained for the continuing management of each patient are the property of this Practice. This information is deemed a personal health record and while the patient does not have ownership of the record, he/she has the right to access under the provisions of the Commonwealth Privacy and State Health Records Acts. Requests for access to the medical record will be acted upon only if received in written format.
Our patient health records can be accessed by an appropriate team member when required.
- All patients’ clinical records are stored in the patient’s electronic medical records. The information is password protected and only appropriate team members access this information. Both active and inactive patient health records are kept and stored securely.
Patient Privacy Information
The ‘personal information’ we collect includes your name, date of birth, address/Es, contact details, Medicare number, healthcare identifiers and health fund details. Medical information may include medical history and any care you may need. GPs need information about your past and present health in order to provide you with high-quality care.
Our practice follows the guidelines of the RACGP’s Handbook for the management of health information in general practice, 3rd edition (the Handbook). The Handbook incorporates federal and state privacy legislation, and the Australian Privacy Principles, which requires that your personal information is kept private and secure.
Our practice is considered paperless and has systems in place to protect the privacy, security, quality and integrity of the personal health information held electronically. Appropriate staff members are trained in computer security policies and procedures.
Medical information will not be placed on top of the reception counter. When doctors and other Practice staff request information or need to see a patient document it is to be placed in doctor’s in-tray, away from public view.
For review Nov 2022 or earlier