Patient Privacy

Privacy of patient information

We respect the highly sensitive nature of our patients’ health information. All staff are committed to handling this information with skill and care to prevent any accidental or unauthorised disclosure.

We expect all staff to meet their obligations to collect, hold, use, and dispose of health information under:

• Privacy Act 2020
• Health Information Privacy Code 2020
• Health (Retention of Information) Regulations 1996.

All new staff receive orientation to the Privacy Act 2020 and their obligations during their induction to the practice.

Collecting patient information

Practice staff follow the rules in the Health Information Privacy Code 2020 when collecting patient information:

• We collect only the information needed to care for and treat the patient, or to fulfil a legal requirement.
• Information is collected from the patient themselves with consent
• Patients directly consent to their health information being collected when they sign an enrolment form to register with our practice.
• From time to time, we may collect information about you from other health providers and health services involved in your care. Examples may include telehealth and virtual providers such as Practice Plus, and other healthcare or after-hours providers.
• If we collect information about you indirectly and you have not already been informed that this may occur, we will, where practicable, notify you. This may be done through our patient portal or other appropriate means.
• We tell the patient:
  • why we are collecting the information.
  • what the information will be used for.
  • who will have access to it.
• We consider privacy obligations when collecting information in a setting that could allow other people to overhear, e.g. reception:
  • It is reasonable to expect patients to provide their full name in the reception area.
  • It is unreasonable to collect sensitive information in a public area where the individual might be overheard.
• Where practical, we use printed forms to collect sensitive information.
• If taking a photo on a personal device:
  • The clinician documents the patient’s consent first, and deletes the image from the device straight after sending it.
  • The image is used only for the purpose it was collected and not shared with anyone else, unless the patient has provided consent.

Using patient information

Our practice staff use patient information appropriately:

• We access patient records only when required to provide healthcare     services.
• Patient information is used only for the purpose it was collected for, unless the patient has consented to another use.
• We treat patient information with respect and confidentiality.

Storing and disposing patient information

We use our electronic patient information system, INDICI, to electronically store and manage all patient health information. Practice staff access the system with their unique login and password.

Patient records are stored and disposed of in accordance with legislation:

• Records are updated regularly, and patient-related documentation is uploaded or scanned into the patient’s record promptly.
• Information is kept secure, backed up, and archived in accordance with the Health (Retention of Health Information) Regulations 1996.
• Records are stored securely for a minimum of 10 years after the last contact.
• Outdated information and records are disposed of confidentially.

Any hard-copy records are locked away securely when not in use.