Privacy Policy

Purpose 

The purpose of our Privacy Policy is to ensure that our patients feel comfortable sharing personal and sensitive information with our doctors and nurses.

Our Policy will explain to the patient how we collect and use this information within the practice and also if and when we have a need to share this information with people outside of our practice, for example if you need a referral to a specialist or simply are referred to have blood taken for testing.

Background & Rationale

We are an accredited practice and we have guidelines which we must follow, The Australian Privacy Principles, referred to as APPs throughout the remainder of this document.

These principles are put in place to ensure patient privacy is protected at all times throughout the various stages of our doctors and allied health staff consultations, when referring you for further tests and/or consultations with specialists and submitting an invoice to Medicare for payment (bulk billing).

The guidelines apply not only to consultations but are equally important in relation to paper documents that are digitally sent to specialists, blood collection agencies and when sending a prescription to a pharmacy.

The policy will be used as a guide for all practice staff to ensure we meet these legal obligations.

The policy is readily available for patients to read and it is as simple as asking for a copy from one of our receptionists.

Practice Procedure

The Practice will:

  • Have a copy of this policy readily available to hand out upon request from a patient.
  • Provide training to all staff in the requirements of the policy to enable staff to deal appropriately and efficiently with any enquiries and concerns raised.

Staff Responsibility

The Practice’s staff will take reasonable steps to ensure patients understand:

  • What information is required and what it is used for.
  • Why information is required for legal purposes.
  • How the information will be used or disclosed.
  • Why and when their consent is necessary.
  • Why it is important for us to check personal information and details regularly.

Patient Consent

When consent is requested, the patient will be made aware of the reason and assured that the information will only be used for the purpose the consent was requested for.

Dealing with us Anonymously

You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals.

Collection & Storage of  Information

The Practice will need to collect personal information for example:

  • Name, address, date of birth and contact details
  • Medicare number, where available, for identification and claiming payment from Medicare
  • Health Care Card or Pension Card details
  • Copy of photo ID (i.e. Drivers licence / student card)
  • DVA card details
  • Healthcare identifiers
  • Medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors.

A patient’s personal information may be held at the Practice in various forms: 

  • paper records
  • electronic records, My Health Record
  • visual — x-rays, CT scans, videos and photos
  • audio recordings

The Practice’s procedure for collecting/updating personal information is set out below.

  • Practice staff will ask the patient for their name, address, date of birth and contact telephone numbers when they arrive for their first appointment. If calling by phone to make a future appointment, these details will be confirmed. This is to ensure that the correct patient record is being added to the appointment sheet (there are often more than one patient with the same name).
  • During consultations with the doctors and nurses they will collect further information in relation, for example, to any medication you are taking and your previous medical history.
  • Personal information may also be collected from the patient’s carer, guardian or responsible person (where practicable and necessary), or from any other involved healthcare specialists.
  • Updating your personal information e.g. address, phone numbers etc is as easy as advising a receptionist whilst attending for an appointment, or alternatively it can be supplied in writing to: The Practice Manager, Francine Silva, 4-7 Commercial Road, Rouse Hill NSW 2155

The Practice stores all personal information securely in either electronic or hard copy format. The Practice takes steps to ensure all stored information is retained in a secure environment that is only accessible to doctors and staff of the practice. The use of a personal log on & password and timed screen savers are just some of the measures we have in place. The practice has strict backup procedures in place that ensure security of patient data at all times.

Use & Disclosure of  Information

Personal information will only be used for the purpose of providing medical services and for claims and payments, unless otherwise consented to by the patient. Sometimes it is necessary to share this information with third parties, for example if a patient asks us to electronically send prescriptions to a pharmacy on their behalf. These third parties are required to comply with this policy and the Australian Privacy Principles. The doctor will inform the patient where there is a statutory requirement to disclose certain personal information (for example, some diseases require mandatory notification).

The Practice will not disclose personal information to any third party other than in the course of providing medical services, without full disclosure to the patient or the recipient, the reason for the information transfer and full consent from the patient. The Practice will not disclose personal information to anyone outside Australia without need (ie in case of overseas medical emergencies) and without patient consent.

Exceptions to disclose without patient consent are where the information is:

  • required by law
  • necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent
  • to assist in locating a missing person
  • to establish, exercise or defend an equitable claim
  • for the purpose of a confidential dispute resolution process.

The Practice will not use any personal information in relation to direct marketing to a patient without that patient’s express consent. Patients may opt-out of direct marketing at any time by notifying the Practice in a letter or email.

The Practice evaluates all unsolicited information it receives to decide if it should be kept, acted on or destroyed.

The Practice participates in the electronic transfer of prescriptions via a secure messaging system and in the transfer of patient information via My Health Record. The My Health Record transfers may be either uploaded or downloaded and are directed by the patient advising what information can or cannot be transferred. Both of these services benefit the patient by allowing the practice to directly send prescriptions to their participating pharmacy and to send / receive patient information from other parties (ie the transfer of patient medication list to the Accident & Emergency department within a hospital). The Practice has procedures in place to ensure any patient data sent electronically
via these methods is encrypted and unable to be accessed by anyone other than the intended recipient.

A patient has a right to seek access or correction of their personal information contained in a My Health record.

Access, Corrections, and Privacy Concerns

Access to Personal Information

The Practice acknowledges that patients have a right to:

  • seek access or correction of their personal information in their My Health Record.
  • request access to their medical records. Patients are encouraged to make this request in writing, and the Practice will respond within a reasonable time – usually no more than 30 days (please refer to the practice document titled ‘Accessing My Medical Record” which can be provided at reception). The document outlines process the Practice will take to respond to such requests and provide any reasons as to why the practice may not be able to comply with the request, correct details within their personal information.
  • any requests in writing should be sent to: The Practice Manager, Rouse Hill Family Medical Practice, 4-7 Commercial Rd in Rouse Hill NSW 2155 & marked ‘Private & Confidential”. Requests may also be sent by email to: info@rhfmp.com.au
 

Corrections to  Personal Information

If you feel that information within your file may need updating please speak with your doctor for medical issues, or a receptionist to change/update your personal information eg change of address or telephone numbers. The Practice will take the necessary steps to correct personal information where it is satisfied they are not accurate or up to date.

Complaints 

The Practice takes complaints and concerns about the privacy of patients’ personal information very seriously.

Patients have a ‘right to complain’ and where possible patients and others are encouraged to raise any concerns directly with the practice team who are trained to make sure patients of the practice feel confident that any feedback or complaint made will be handled appropriately and within a timely manner.

We believe most complaints can be responded to and resolved at the time the patient (or other people) such as a carer, relative, or friend makes the complaint known to us.

All complaints are reviewed by the Business & Operations Manager. Where necessary the patient will be contacted by either the Practice Manager or the Business & Operations Manager. Any actions required to minimise the circumstances from happening again, are documented and signed off on completion. Staff training will be provided if required.

Examples of complaints or concerns may include breach of privacy.

Complaints can be supplied in writing addressed to: The Practice Manager, Rouse Hill Family Medical Practice, 4-7 Commercial Rd in Rouse Hill NSW 2155. Please mark these “Confidential”.

If the matter cannot be resolved the patient may wish to contact the Health Complaints commissioner on 02 9219 7444 or The Office of the Australian Information Commissioner on 1300 363 992.

OPEN  DISCLOSURE

Open disclosure is an open discussion with a patient about one or more incidents that resulted in harm to the patient while they were receiving healthcare.

Rouse Hill Family Medical Practice actively promotes Open Disclosure.

For more information go to: https://www.safetyandquality.gov.au/our-work/open-disclosure/