Privacy of Patient Information
We respect the highly sensitive nature of our patients’ health information. All staff are committed to handling this information with skill and care to prevent any accidental or unauthorised disclosure.
We expect all staff to meet their obligations to collect, hold, use, and dispose of health information under:
- Privacy Act 2020
- Health Information Privacy Code 2020
- Health (Retention of Information) Regulations 1996.
All new staff receive orientation to the Privacy Act 2020 and their obligations during their induction to the practice.
Refer to Privacy Commissioner: Collecting Personal Information and Using and Disclosing of Personal Information
Collecting Patient Information
Practice staff follow the rules in the Health Information Privacy Code 2020 when collecting patient information:
- We collect only the information needed to care for and treat the patient, or to fulfil a legal requirement.
- Information is collected from the patient themselves, unless they have consented to it being collected from someone else.
- We tell the patient:
- why we are collecting the information.
- what the information will be used for.
- who will have access to it.
- We consider privacy obligations when collecting information in a setting that could allow other people to overhear, e.g. reception:
- It is reasonable to expect patients to provide their full name in the reception area.
- It is unreasonable to collect sensitive information in a public area where the individual might be overheard.
Where practical, use printed forms to collect sensitive information.
If taking a photo on a personal device:
- The clinician documents the patient’s consent first, and deletes the image from the device straight after sending it.
- The image is used only for the purpose it was collected and not shared with anyone else, unless the patient has provided consent.
Using Patient Information
Our practice staff use patient information appropriately:
- We access patient records only when required to provide healthcare services.
- Patient information is used only for the purpose it was collected for, unless the patient has consented to another use.
- We treat patient information with respect and confidentiality.
Storing and Disposing Patient Information
We use our electronic patient information system, INDICI, to electronically store and manage all patient health information. Practice staff access the system with their unique login and password.
Patient records are stored and disposed of in accordance with legislation:
- Records are updated regularly, and patient-related documentation is uploaded or scanned into the patient’s record promptly.
- Information is kept secure, backed up, and archived in accordance with the Health (Retention of Health Information) Regulations 1996.
- Records are stored securely for a minimum of 10 years after the last contact.
- Outdated information and records are disposed of confidentially.
Any hard-copy records are locked away securely when not in use.