To ensure patients who receive care from Kardinia Health (the Practice) are comfortable entrusting their health information to the Practice. This policy provides information to patients as to how their personal information (which includes their health information) is collected and used within the Practice, and the circumstances in which we may disclose it to third parties.
The Australian Privacy Principles (APP) provide a privacy protection framework that supports the rights and obligations of collecting, holding, using, accessing and correcting personal information. The APP consists of 13 principle-based laws that apply equally to paper-based and digital environments. The APP complements the long-standing general practice obligation to manage personal information in a regulated, open and transparent manner.
This policy will guide the Practice staff in meeting these legal obligations. It also details to patients how the Practice uses their personal information. The policy must be made available to patients upon request.
The Practice will:
The Practice’s staff will take reasonable steps to ensure patients understand:
The Practice will only interpret and apply a patient’s consent for the primary purpose for which it was provided. The Practice staff must seek additional consent from the patient if the personal information collected may be used for any other purpose.
The Practice will need to collect personal information as a provision of clinical services to a patient at the practice. Patient information is collected on the Patient Registration Form. Collected personal information will include patients’:
A patient’s personal information may be held at the Practice in various forms:
The Practice’s procedure for collecting personal information is set out below.
1. Practice staff collects patients’ personal and demographic information via registration when patients present to the Practice for the first time. Patients are encouraged to pay attention to the collection statement attached to/within the form and information about the management of collected information and patient privacy.
2. During the course of providing medical services, the Practice’s healthcare practitioners will consequently collect further personal information.
3. Personal information may also be collected from the patient’s guardian or responsible person (where practicable and necessary), or from any other involved healthcare specialists.
4. The Practice participates in the personally controlled electronic health record system (PECHR). This record is designed to contain an electronic summary of your key health information. It is the patient’s choice to register for and control their eHealth record. The patient’s Individual Health Identifier is stored in the patient’s electronic record.
5. The Practice holds all personal information securely, in electronic format using a pass word protected information systems or in hard copy format in an access controlled environment.
Personal information will only be used for the purpose of providing medical services and for claims and payments, unless otherwise consented to. Transfer of personal information for the provision of medical services is done using an encrypted messaging system, fax or letter.
Some disclosure may occur to third parties engaged by or for the Practice for business purposes, such as accreditation or for the provision of information technology. These third parties are required to comply with this policy.
The Practice will inform the patient where there is a statutory requirement to disclose certain personal information (for example, some diseases require mandatory notification).
The Practice will not disclose personal information to any third party other than in the course of providing medical services, without full disclosure to the patient or the recipient, the reason for the information transfer and full consent from the patient.
The Practice will not disclose personal information to anyone outside Australia without need and without patient consent.
Exceptions to disclose without patient consent are where the information is:
The Practice will not use any personal information in relation to direct marketing to a patient without that patient’s express consent. Patients may opt-out of direct marketing at any time by notifying the Practice in a letter or email.
The Practice evaluates all unsolicited information it receives to decide if it should be kept, acted on or destroyed.
The Practice acknowledges patients may request access to their medical records. Patients are encouraged to make this request in writing and sent attention of the Practice Coordinator or email email@example.com; the Practice will respond within a reasonable time.
The Practice will take reasonable steps to correct personal information where it is satisfied they are not accurate or up to date. From time to time, the Practice will ask patients to verify the personal information held by the Practice is correct and up to date. Patients may also request the Practice corrects or updates their information, and patients should make such requests in writing and send attention of the Practice Coordinator or email firstname.lastname@example.org
The Practice takes complaints and concerns about the privacy of patients’ personal information seriously. Patients should express any privacy concerns in writing or speak with the Practice Coordinator. The Practice will then attempt to resolve the matter in accordance with its complaint resolution procedure. Patients may also contact the Office of the Victorian Privacy Commissioner on 1300 666 444, www.privacy.gov.au or the Office of the Australian Information Commissioner 1300 363 992, www.oaic.gov.au