Information can be held in any media. This practice may record personal health information on paper and in electronic medical records, letter, fax, X-rays, CT scans, videos, photos, audio recordings or information conveyed verbally .
Information may be collected by a GP directly from the patient or from a third party in the course of providing a healthcare service.
If a patient does not provide the information requested, our ability to provide our services to them may be impaired. We reserve the right to withdraw or not provide our services if we believe they may be compromised by a lack of information or we would be unable to meet legal obligations.
Anonymity & pseudonymity
Anonymity – meaning being nameless or withholding your name
Pseudonymity – using a fictitious name – not your own
Wherever it is lawful and practical to do so, this practice will acknowledge a patient’s right in having the option of not identifying themselves or using a pseudonym when requesting healthcare (as per APP2).
It will be clearly explained to the patient that the nature of General Practice and the provision of healthcare do not easily accommodate the notions of anonymity and pseudonymity,- ie. medical histories are required and identities need to be confirmed before a GP can make a diagnosis or prescribe medications, and GPs are also obliged by law to report communicable diseases and child abuse and meet other mandatory reporting. If a patient makes the decision to utilise anonymity or pseudonymity, it will be clearly explained to them that their decision may result in detriment to their treatment and healthcare.
Our practice collects, uses, holds and shares patient’s personal health information in order to provide our patients with optimal healthcare. Our main purpose for collecting, using, holding and sharing personal health information is to manage a patient’s health. Information is collected for a range of purposes which include:
- to assist us to provide optimal ongoing healthcare management and wellbeing;
- to make and change appointments; and
- for various other administrative functions associated with our services e.g. record-keeping, billing, claims processing, and referrals.
- Practice audits and accreditation.
Our practice may at times be required to share personal health information as follows:
- with third parties who work with our practice for business purposes, such as accreditation agencies or information technology providers – these third parties are required to comply with Australian Privacy Principles and this Policy
- with other healthcare providers, eg. specialist healthcare providers for the management of a patient’s ongoing healthcare and treatment, to seek professional opinion or manage a referral to or from another provider
- when it is required or authorised by law (eg. Court subpoenas)
- when it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent
- to assist in locating a missing person
- to establish, exercise or defend an equitable claim
- for the purpose of confidential dispute resolution process
- when there is a statutory requirement to share certain personal information (eg. Some diseases require mandatory notification)
- during the course of providing medical services, eg. eHealth services, My Health Record, patient’s health fund, Medicare, or the Department of Veterans’ Affairs (if applicable)
- research related purposes – we may provide non-identifying aggregated data to approved research bodies undertaking research that has been subject to ethical clearances. If such information is required to be identifiable, the patient is provided an opportunity to “opt out” of that research.
How we collect and store personal and health information
Our practice may collect personal and health information in several different ways:
- When a patient makes their first appointment, practice staff will provide a New Patient Information Form to them for completion – this will collect personal and demographic information, along with Consent for health information and use (see “Consent” section below).
- During the course of providing medical services the practice may collect further personal and health information eg. eHealth services, My Health Record.
- During patient consultations.
- We may also collect personal information when a patient visits our website, sends us an email or SMS, telephones us or communicates with us using social media.
In most cases we will collect information directly from the patient, or at their request and with their consent, from previous health providers.
All data is stored electronically and is accessed only by the treating GP and authorised staff.
Our practice has systems in place to protect the privacy, security, quality and integrity of the data held electronically and will take reasonable precautions to ensure:
- information is protected from misuse, loss and unauthorised access, modification and disclosure, and
- ensure the information is accurate, complete and up-to-date.
Our practice provides a Health Information Collection & Use Consent form from patients which is attached to the New Patient Information Form and is required to be read and signed by all new patients. This form covers the following circumstances:
- to assist us to provide the patient with optimal ongoing management of their health and wellbeing
- to make and change appointments
- for reminder letters which may be sent to patients regarding their healthcare and management
- for various other administrative functions associated with our services eg. record-keeping, billing (including Medicare and Health Insurance Commission requirements), claims processing and referrals
- Practice audits and accreditation
- disclosure to others involved in a patient’s healthcare including treating doctors and specialists outside this medical practice. This may occur through referral to other doctors, or for medical tests and in the reports or results returned to us following referrals
- disclosure to other doctors in the practice, locums, etc. attached to the practice for the purpose of patient care and teaching
- to comply with any legislative or regulatory requirements eg. mandatory reporting, notifiable diseases
- when it is required by law eg. Court Subpoenas
- for research related purposes – we may provide non-identifying aggregated data to approved research bodies undertaking research that has been subject to ethical clearances. Should information that would identify the patient be required then the patient would be informed and given the opportunity to “opt out” of any involvement.
A patient can decline to have their health information used in all or some of the ways outlined above but they are clearly informed that it may influence our ability to manage their healthcare to provide the best outcome for them.
Where clinical risk is a possibility, for example, for a procedure or surgery, a signed form which confirms informed consent will be obtained from the patient by the treating doctor.
In all other circumstances other than those mentioned above, doctors and health professionals must have an informative and well documented discussion with a patient to ensure consent is obtained prior to collection, use and sharing of health and personal information.