Communications Policy
Email communications
In line with our privacy policy, our practice will only engage in communication via telephone, SMS message, in person and fax. We are not able to guarantee the security of emails, sent or received and as a result we will not be able to engage in email communications. Where email communication cannot be avoided, the patient or their MTDM will be informed and asked their permission for the correspondence to be sent via email, it will also be encrypted and a password sent to the recipient separately. A copy of this communications policy including how you are able to access your health information is available here via our website, or you can ask our Admin team to send you a copy.
Receiving and returning telephonic communications
Our team ensures that three identifiers are used at the beginning of each call to clearly and correctly identify the patient the caller is referring to. Our team also asks for the caller to identify themselves and crosschecks the information against the patient’s file and their competency. If the caller is not registered in our system as an authorised representative of the patient, we kindly inform the caller that we are unable to provide any information or forward any message to the doctor. We redirect the caller to go through the authorised representative of the patient (being careful not to disclose who that is) or the patient themselves if they are competent.
Where we are returning telephonic communications, we use the same principles as above, being careful to correctly identify the person we are speaking with before discussing any information with them.
Electronic communications
As explained in our Privacy Policy, we use a number of different, secured electronic systems to transfer information to other health professionals. Examples of the secured pathways we use include HealthLink (to send specialist referrals), secured API integrations (visit note transfers to facility software) and encrypted transfer of pathology/radiology referrals to both the facility and the pathology/radiology companies.
The practice uses the medical software templates to create patient referrals, ensuring only the most relevant and current information is used for referrals. This template technology is also used in our CMA and RMMR documents, along with any other documentation generated by the nursing team.
Patient's Request for Access to Personal Health Information Under the Privacy Legislation
Policy
Patients at this practice have the right to access their personal health information (medical record) under legislation. Commonwealth Privacy Amendment (Private Sector) Act 2000 and the Health Records Act 2001 (Victoria). The HRA gives individuals a right of access to their personal health information held by any organisation in the private sector in Victoria in accordance with Health Privacy Principle 6 (HPP 6). This principle obliges health service providers and other organisations who hold health information about a person to give them access to their health information on request, subject to certain exceptions and the payment of fees (if any).
Public sector organisations continue to be subject to the Freedom of Information Act 1982.
This practice complies with both laws and the National and Health Privacy Principles (NPPs & HPPs) adopted therein. See summary headings of Principles in this section. Both Acts give individuals the right to know what information a private sector organisation holds about them, the right to access this information and to also make corrections if they consider data is incorrect. Compliance with the access provisions in the Health Records Act 2001 (Victoria) will generally ensure compliance with the Commonwealth Privacy Act.
NATIONAL PRIVACY PRINCIPLES:
NPP 1: Collection of personal information by an organisation.
NPP 2: How an organisation may use and disclose personal information in its possession.
NPP 3: Relates to the quality of the data held by an organisation.
NPP 4: Organisation must take reasonable steps to make sure the personal information it holds is secure
NPP 5: Requires an organisation to be open about what personal information it holds and its policy on the management of personal information.
NPP 6: Relates to access and correction of personal information held by an organisation about an individual, by that individual.
NPP 7: The use of identifiers assigned by a Commonwealth Agency
NPP 8: Individuals have the option of not identifying themselves when entering transactions with organisations
NPP 9: Regulates the transfer of personal information held by an organisation in Australia
NPP10: Limits on when an organisation is permitted to collect sensitive information
As adopted within Commonwealth Privacy Amendment (Private Sector) Act 2000
We have a privacy policy in place that sets out how to manage health information and the steps an individual must take to obtain access to their health information. This includes the different forms of access and the applicable time frames and fees.
Australian Privacy Principles guidelines
Reports by Specialists
This information forms part of the patient's medical record, hence access is permitted under privacy law.
Diagnostic Results
This information forms part of the patient's medical record, hence access is permitted under privacy law.
Note: Amendments to the Privacy Act apply to information collected after 21st December 2001, however they also apply to data collected prior to this date provided it is still in use and readily accessible.
We respect an individual's privacy and allow access to information via personal viewing in a secure private area. The patient may take notes of the content of their record or may be given a photocopy of the requested information. A GP may explain the contents of the record to the patient if required. An administrative charge may be applied, at the GPs discretion and in consultation with the Privacy Officer, e.g. for photocopying records, X-rays and for staff time involved in processing requests.
Procedure
A notice is displayed on our website advising patients and others of their rights of access and of our commitment to privacy legislation compliance. An information brochure is also available that provides further details if required.
Release of information is an issue between the patient and the doctor. Information will only be released according to privacy laws and at doctor's discretion. Requested records are reviewed by the medical practitioner prior to their release and written authorisation is obtained.
Request Received
When our patients request access to their medical record and related personal information held at this practice, we document each request and endeavour to assist patients in granting access where possible and according to the privacy legislation. Exemptions to access will be noted and each patient or legally nominated representative will have their identification checked prior to access being granted.
A patient may make a request via telephone or in writing e.g. fax, email or letter. Requests can also be lodged through our website. No reason is required to be given. The request is referred to the patient's doctor or delegated Privacy Officer.
A Request for Personal Health Information form is completed to ensure correct processing. Once completed a record of the request is filed/scanned in the patient record.
Request by another (not patient)
An individual may authorise another person to be given access, if they have the right e.g. legal guardian or Medical Treatment Decision Maker, and if they have a signed authority. Under NPP 2 Use & Disclosure, a 'person responsible' for the patient (including a partner, family member, carer, guardian or close friend), if that patient is incapable of giving or communicating consent, may apply for and be given access for appropriate care and treatment or for compassionate reasons. Identity validation applies.
The Privacy Act defines a 'person responsible' as a parent of the individual, a child or sibling of the individual, who is at least 18 years old, a spouse or de facto spouse, a relative (at least 18 years old) and a member of the household, a guardian or a person exercising an enduring power of attorney granted by the individual that can be exercised for that person's health, a person who has an intimate relationship with the individual or a person nominated by the individual in case of emergency
Deceased Persons
A request for access may be allowed for a deceased patient's legal representative if the patient has been deceased for 30 years or less and all other privacy law requirements have been met. Ref: Sec 28 Health Records Act. No mention is made of deceased patient’s access in Commonwealth privacy legislation.
Current fact sheets can also be downloaded from
http://www.privacy.gov.au/publications/index.html#I
Contact the Health Services Commissioner Administration on (03) 8601 5222
Collate & Assess Information
Retrieve patient's BP medical record. Refer to the patient request form to help identify what information is to be given to the patient.
Data may be withheld under privacy legislation NPP6 Access & Correction for the following reasons.
● Where access would pose a serious threat to the life or health of any individual
● Where the privacy of others may be affected
● If a request is frivolous or vexatious
● If information relates to existing or anticipated legal proceedings
● If access would prejudice negotiations with the individual
● If access would be unlawful
● Where denying access is required or authorised by law
See National Privacy Principles in full for comprehensive list of exclusions.
Access Denied
Reasons for denied access must be given to the patient in writing. Note these on request form. In some cases refusal of access may be in part or full.
Use of Intermediary When Access Denied
If request for access is denied an intermediary may operate as facilitator to provide sufficient access to meet the needs of both the patient and the doctor.
Provide Access
Personal health information may be accessed in the following ways:
● Obtain a copy of our BP records
Check Identity of Patient
● Ensure a visible form of ID is presented by the person seeking access. E.g. driver's licence, passport, other photo identification. Note details on request form.
● Does the person have the authority to gain access? Check age, legal guardian documents; is the person an authorised representative?
If a copy is to be given to the patient ensure all pages are checked and this is noted in the request form.
If the doctor is to explain the contents to a patient then ensure an appointment time is made.
Requests to Correct Information
A patient may ask to have their personal health information amended if he/she considers that is not up to date, accurate and complete. (NPP 6.5/6/6)
Our practice must try to correct this information. Corrections are attached to the original health record.
Where there is a disagreement about whether the information is indeed correct, our practice attaches a statement to the original record outlining the patient's claims.
Time Frames
Acknowledge request - within 14 days.
Complete the request - within 30 days