Privacy Policy
The purpose of this policy is to outline how the Mt Sheridan Medical Practice complies with its confidentiality and privacy obligations. The practice will make this Privacy Policy available to anyone who asks for it. From the 21st December 2001, the Privacy Amendment (Private Sector) Act 2000 extended the operation of the Federal Privacy Act 1988 to include the private health sector throughout Australia. Going forward, patients will be assured that their privacy will be protected when visiting our practice; that the information collected and retained in our patient records is correct and up-to date; and that they can access their information for review. Your doctor needs information about your past and present health in order to provide patients with high quality care. The ways in which this practice complies with the legislation and National Privacy Principals.
Collection, Use & Disclosure
Patient consent for the transfer of personal health information to other agencies is now obtained on the first visit. This form is found on the reverse side our ‘New Patient Information’ form. We recognise that the information we collect is often of a highly sensitive nature and as an organisation we have adopted the highest privacy compliance standards relevant to ensure personal information is protected. The practice will only collect information which is relevant to patient care to make an accurate medical diagnosis, prescribe appropriate treatment and to be proactive in patient health care. For administrative and billing purposes, and to enable the patient to be attended by other practitioners in our practice, patient information is shared between the practitioners who attend a patient.
We (on behalf of) and the practitioners may collect personal information (including health information) regarding patients for the purpose of providing medical services and treatment to patients. Personal information collected will generally include: the patient’s name, address, telephone number and Medicare number; health care fund; current drugs or treatments used by the patient; previous and current medical history, including where clinically relevant a family medical history, and the name of any health service provider or medical specialist to whom the patient is referred, copies of any letters of referrals and copies of any reports back.
We may access information:
• provided directly by the patient;
• provided on the patient’s behalf with the patient’s consent;
• from a health service provider who refers the patient to medical practitioners
• from health service providers to whom patients are referred.
Personal information collected by us may be used or disclosed:
• for the purpose the patient was advised of at the time of collection of the information by us;
• as required for delivery of the health service to the patient by all clinical and administrative staff;
• as required for the ordinary operation of our services (i.e. to refer the patient to a medical specialist or other health service provider);
• as required under compulsion of law; or
• where there is a serious and imminent threat to an individual’s life, health, or safety;
• information is necessary to obtain Medicare payments or other health insurance rebates
• a serious threat to public health or public safety.
Other than as described in this Policy or permitted under the National Privacy Act, Mt Sheridan Medical Practice uses its reasonable endeavours to ensure that identifying health information is not disclosed to any person.
We keep health information for a minimum of 7 years from the date of last entry in the patient record (unless the patient was a child in which case the record must be kept until the patient attains or would have attained 25 years of age).
Because of the sensitive nature of the information collected by us to provide its services, extra precautions are taken to ensure the security of that information. Our electronic files are password-protected on several levels, and the computer backup tapes are stored offsite. Our data security ensures that the storage, use and where necessary the transfer of personal health information will be undertaken in a secure manner that protects patient privacy. We ensure that the patient record is accurate, comprehensive, up to date and have enough information to ensure another doctor can continue patient care.
Members of the practice team who have access to patient health records (varying levels of access) includes, GPs, GP Registrars, General Practice Nurses and Reception staff and Medical/Nursing students. We require all our employees and contractors to observe obligations of confidentiality in the course of their employment/contract. We require independent contractors to sign a confidentiality undertaking.
Medical practitioners who provide services at our practices may refer patients to the following services:
• pathology services
• radiology services;
• public hospitals;
• private hospitals;
• day procedure centres;
• specialist medical practitioners and other health providers involved in the relevant patient’s care which may include surgeons, nurses, occupational therapists, pharmacists, physiotherapists, psychologists, dieticians, audiologists, podiatrists and the ambulance service.
Secondary purposes which are directly related to the primary purpose of collection for which we may use or disclose personal information may be for quality assurance, training, billing, liaising with government offices regarding Medicare entitlements and payments and as may be required by our insurers.
Accessing information, correction of information, complaints and obtaining further information
Patients may request access to their personal health information health by this practice. All requests for access (either verbally or by written request) will be referred to the treating doctor and the Practice Privacy Officer as appropriate.
The practice encourages patients to ensure that information is accurate and up to date and to amend any information that is inaccurate. There are some circumstances in which access will be restricted or denied and the reason for this will be explained to the patient.
A charge may be payable where the practice incurs a cost in providing access. This is for administrative costs such as photocopying.
Complaints / Concerns
The best way to deal effectively with concerns and complaints is to communicate openly and respectfully. The Practice Privacy Officer or the treating doctor is available to allay any concerns or complaints at a local level. If a patient is dissatisfied with any aspect of our privacy policy, and satisfaction is not gained with consultation with our practice, the patient can contact:
Office of the Health Ombudsman
Ph 133 646 www.oho.qld.gov.au
PO Box 13281 BRISBANE QLD 4003
Social Media Privacy Policy
Using social media in our practice
Policy
‘Social media’ is defined as online social networks used to disseminate information through online interaction.
Regardless of whether social media is used for business related activity or for personal reasons, the following standards apply to members of our practice team, including general practitioners. Practitioners and team members are legally responsible for their postings online. Practitioners and team members may be subject to liability and disciplinary action including termination of employment or contract if their posts are found to be in breach of this policy.
Procedure
Our practice has appointed Julie Michael (Practice Manager/RN) as our social media officer with designated responsibility to manage and monitor the practice’s social media accounts. All posts on the practice’s social media websites must be approved by this person.
When using the practice’s social media, all members of our practice team will not:
All members of our practice team must obtain the relevant approval from our social media officer prior to posting any public representation of the practice on social media websites. The practice reserves the right to remove any content at its own discretion.
Any social media must be monitored in accordance with the practice’s current polices on the use of internet, email and computers.
Our practice complies with the Australian Health Practitioner Regulation Agency (AHPRA) national law, and takes reasonable steps to remove testimonials that advertise our services (which may include comments about the practitioners themselves). Our practice is not responsible for removing (or trying to have removed) unsolicited testimonials published on a website or in social media over which we do not have control.
Any social media posts by members of our practice team on their personal social media platforms should:
Social media activities internally and externally of the practice must be in line with this policy.