Privacy Policy
Privacy of Personal Health Information Policy
As an Australian based organisation, any data and information collected is held, used and disclosed in accordance with the Privacy Act 1988.
‘Personal health information’ is a particular subset of personal information and can include any information collected about a person in order to provide a health service.
Collection, Usage and Disclosure of Personal Health Information
We collect health information that is necessary for providing healthcare services and this information is collected from our patients during the course of a consultation with one of our Doctors or Nurses. Ancillary health information is also collected by our medical administration staff before or after a consultation. From time to time there is a need to collect patient information from a third party such as relatives or other health service providers when consent from the patient has been obtained or there is a medical necessity or emergency requiring us to collect the information.
The information we collect about a patient includes medical details, family information, name, address, employment and other demographic data, past medical and social history, current health issues and future medical care, Medicare number, accounts details, and any health information such as a medical or personal opinion about a person’s health, disability or health status.
Personal health information also includes the formal health record (written or electronic) and information held or recorded on any other medium (e.g. letter, facsimile, electronic, verbal).
This practice uses personal health information for:
- provision of health care services,
- management of records,
- communication regarding appointments and health care matters,
- administrative matters,
- quality improvement initiatives,
- compliance with legal and regulatory requirements
Personal health information is only disclosed to:
- Healthcare professionals involved in your treatment
- Other healthcare providers with your consent for referral purposes
- Government authorities and law enforcement agencies where required by law,
- Third party healthcare service providers to assist in delivering improved healthcare outcomes, subject to confidentiality agreements.
Personal information held by Maleny Medical Centre will never be used for direct marketing purposes.
Access and Correction
For each patient we have an individual patient health record containing all clinical information held by our practice relating to that patient. Our practice ensures the protection of all information contained within this record. Our patient health records are accessed only by an appropriate team member as required, and we ensure information held about the patient in different records (e.g. at a residential aged care facility) is available when required.
This information, the ‘patient health record’ remains at all times, the property of the Maleny Medical Centre.
The patient has a general right to access their health record under the provisions of the Privacy Act 1988. The practice encourages all requests to access an individual’s health record under these provisions to be in writing addressed to the Practice Manager stating the detail, format and purpose. (refer Patient Request for Personal Health Information Form)
This practice will take reasonable steps to correct personal information and from time to time the practice staff will ask patients to verify their personal information so files can be updated accordingly.
Security of Personal Health Information
As part of our commitment to preserving the confidentiality of the information contained in our patient’s medical record we advise that strict secure storage policies are observed in this practice. Electronic records are accessible only by staff of this practice and are protected by security password. As we are a paperless practice all correspondence is scanned into health records and then the document shredded.
Our practice has appointed the Practice Manager with primary responsibility for the practice’s electronic systems, computer security and adherence to protocols in accordance with RACGP’s Information Security in General Practice guidelines.
If a breach of privacy occurs within our practice, we have processes in place to ensure this breach is reported appropriately, handled quickly and effectively, and reviewed to prevent recurrence. Breaches occur if personal patient information held by the practice is accessed by or disclosed to unauthorised personnel (such as hackers, incorrect recipients or contractors visiting the practice), or is lost entirely by the practice.
Appropriate team members are trained in computer security policies and procedures to ensure our practice is protected electronically. Each member of staff understands the importance of doctor/patient confidentiality.
When required, access to our premises is provided to contractors that are necessary to assist us in maintaining a functioning practice (eg IT contractors). All such contractors sign a confidentiality agreement which prohibits disclosure of any information observed in the course of their service provision.
Changes to This Policy
This policy is reviewed regularly and updated when necessary to reflect changes in our practices or legislation. The updated policy will be published with an effective date and posted to all places previous posted.
Complaints
The practice takes complaints and concerns about the privacy of patient’s personal information seriously. It is the practice’s policy that any complaint must be made in writing and addressed to the Practice Manager and marked – Private and Confidential.
However, if you feel there is a problem that we cannot address, please refer to Office of the Health Ombudsman (OHO), www.oho.qld.gov.au or phone 131OHO (131646).
This policy was reviewed in accordance with legislation and changes made to ensure all content is accurate and up to date.
By using our services, patients consent to the collection, use and disclosure of personal information as outlined in this policy and in accordance with the Privacy Act 1988 and the Australian Privacy Principles (APPs).