To ensure patients who receive care from the Practice are comfortable in entrusting their health information to the Practice. The policy provides information to patients as to how their personal information is collected and used within the Practice, and the circumstances in which we disclose it to third parties.
RACGP Compliance Indicators for the APP: an addendum to the computer and information security standards(Second edition)
Background and Rationale
The APP provide a privacy protection framework that supports the rights and obligations of collecting, holding, using, accessing and correcting personal information. The APP consist of 13 principle-bases laws and apply equally to paper based and digital environments. The APP Complement the long standing general practice obligation to manage personal information in a regulated, open and transparent manner.
This policy must be made available to patients upon request.
The Practice will:
The practices procedures for access and correction of information, and responding to complaints of information breaches, including by providing this policy.
The Practice will only interpret and apply a patients consent for the primary purpose for which it was provided. The Practice staff must seek additional consent from the patient if the personal information collected may be used for any other purpose.
Collection of information
The Practice will need to collect personal information as a provision of clinical services to a patient at the practice. Collected personal information will include patients:
The Practices procedure for collecting personal information is set out below.
The Practice holds all personal information securely, whether in electronic format, in protected information systems or in hard copy format in a secured environment.
Use and disclosure of information
Personal information will only be used for the purpose of providing medical services and for claims and payments, unless otherwise consented to. Some disclosure may occur to third parties engaged for the Practice for business purposes, such as accreditation or for the provision of information technology. The Practice will inform the patient where there is a statutory requirement to disclose certain personal information (for example some diseases require mandatory notification)
The Practice will not disclose personal information to any third party other than in the course of providing medical services, without full disclosure to the patient or the recipient, the reason for transfer and full consent of the patient. The Practice will not disclose personal information to anyone outside of Australia without need and without patient consent.
Exceptions to disclose without patient consent are where the information is:
The Practice will not use any personal information in relation to direct marketing to a patient without that patients express consent. Patients may opt-out direct marketing at any time by notifying the Practice in a letter or e-mail.
The Practice evaluates all unsolicited information it receives to decide if it should be kept, acted on or destroyed.
Access, corrections and Privacy Concerns
The Practice acknowledges patient may request access to their medical records. Patients are encouraged to make this request in writing and the Practice will respond in a reasonable time.
The Practice will take reasonable steps to correct personal information where it is satisfied they are not accurate or up to date. Patients may also request the Practice corrects or updates their information, and patients should make such requests in writing.
The Practice takes complaints and concerns about the privacy of patients personal information seriously. Patients should express any privacy concerns in writing. The Practice will then attempt to resolve it in accordance with its complaints resolution procedure.
Compliance indicators for the APP: An addendum to the computer and information securities standards (second edition)
RACGP Computer and information security standards (CISS) 2013
The RACGP Privacy handbook and patient pamphlet