Criterion 4.2.1 – Confidentiality and Privacy of Health ...€¦ · Our security policies and...
Transcript of Criterion 4.2.1 – Confidentiality and Privacy of Health ...€¦ · Our security policies and...
![Page 1: Criterion 4.2.1 – Confidentiality and Privacy of Health ...€¦ · Our security policies and procedures regarding the confidentiality of patient health records and ... Patient](https://reader034.fdocuments.in/reader034/viewer/2022051904/5ff634475f621a2544759330/html5/thumbnails/1.jpg)
Criterion4.2.1–ConfidentialityandPrivacyofHealthInformation
PracticePolicy–PracticePrivacyPolicy
ThispracticeisboundbytheFederalPrivacyAct(1988)andAustralianPrivacyPrinciples(APPs),andalsocomplieswiththeVictorianHealthRecordsAct(2001).
‘Personalinformation’isinformationthatidentifiesyouorcouldreasonablyidentifyyou.‘Personalhealthinformation’aparticularsubsetofpersonalinformationcanincludeanyinformationcollectedandheldtoprovideahealthservice.
Thisinformationincludesmedicaldetails,familyinformation,name,address,employmentandotherdemographicdata,pastmedicalandsocialhistory,currenthealthissuesandfuturemedicalcare,Medicarenumber,accountsdetailsandanyhealthinformationsuchasamedicalorpersonalopinionaboutaperson’shealth,disabilityorhealthstatus.
Itincludestheformalmedicalrecordwhetherwrittenorelectronicandinformationheldorrecordedonanyothermediumegletter,fax,electronicallyorinformationconveyedverbally.
OurpracticehasadesignatedpersonKellieAdamwithprimaryresponsibilityforthepractice’selectronicsystems,computersecurityandadherencetoprotocolsasoutlinedinourcomputerinformationsecuritypolicy(Criterion4.2.2).Thisresponsibilityisdocumentedinthepositiondescription.Tasksmaybedelegatedtoothersandthispersonworksinconsultationwiththeprivacyofficer.
Oursecuritypoliciesandproceduresregardingtheconfidentialityofpatienthealthrecordsandinformationaredocumentedandourpracticeteamareinformedabouttheseatinductionandwhenupdatesorchangesoccur.
Thepracticeteamcandescribehowwecorrectlyidentifyourpatientsusing3patientidentifiers,name,dateofbirth,addressorgendertoascertainwehavethecorrectpatientrecordbeforeenteringoractioninganythingfromthatrecord.
Foreachpatientwehaveanindividualpatienthealthrecord,electroniccontainingallclinicalinformationheldbyourpracticerelatingtothatpatient.Thepracticeensurestheprotectionofallinformationcontainedtherein.Ourpatienthealthrecordscanbeaccessedbyanappropriateteammemberwhenrequired.Wealsoensureinformationheldaboutthepatientindifferentrecords(egataresidentialagedcarefacility)isavailablewhenrequired.
PracticeProcedure–PracticePrivacyPolicy
![Page 2: Criterion 4.2.1 – Confidentiality and Privacy of Health ...€¦ · Our security policies and procedures regarding the confidentiality of patient health records and ... Patient](https://reader034.fdocuments.in/reader034/viewer/2022051904/5ff634475f621a2544759330/html5/thumbnails/2.jpg)
Doctors,alliedhealthpractitionersandallotherstaffandcontractorsassociatedwiththispracticehavearesponsibilitytomaintaintheprivacyofpersonalhealthinformationandrelatedfinancialinformation.Theprivacyofthisinformationiseverypatient’sright.
Themaintenanceofprivacyrequiresthatanyinformationregardingindividualpatients,includingstaffmemberswhomaybepatients,maynotbedisclosedeitherverbally,inwriting,inelectronicform,bycopyingeitheratthepracticeoroutsideit,duringoroutsideworkhours,exceptforstrictlyauthorisedusewithinthepatientcarecontextatthepracticeoraslegallydirected.
Therearenodegreesofprivacy,allpatientinformationmustbeconsideredprivateandconfidential,eventhatwhichisseenorheardandthereforeisnottobedisclosedtofamily,friends,stafforotherswithoutthepatient’sapproval.Sometimesdetailsaboutaperson’smedicalhistoryorothercontextualinformationsuchasdetailsofanappointmentcanidentifythem,evenifnonameisattachedtothatinformationandassuchitmustbeprotectedunderthePrivacyAct.
Anyinformationgiventounauthorisedpersonnelwillresultindisciplinaryactionandpossibledismissal.Eachstaffmemberisboundbyhis/herprivacyclausecontainedwiththeemploymentagreementwhichissigneduponcommencementofemploymentatthispractice.
Personalhealthinformationshouldbekeptwherestaffsupervisioniseasilyprovidedandkeptoutofviewandaccessbythepublicegnotleftexposedonthereceptiondesk,inwaitingroomorotherpublicareasorleftunattendedinconsultingortreatmentrooms.
PracticecomputersandserverscomplywiththeRACGPcomputersecuritychecklistandwehaveasoundbackupsystemandacontingencyplantoprotectthepracticefromlossofdata(SeeCriterion4.2.2–Computerinformationsecurity).
Careshouldbetakenthatthegeneralpubliccannotseeoraccesscomputerscreensthatdisplayinformationaboutotherindividuals.Tominimisetheriskautomatedscreensaversshouldbeengaged.
Membersofthepracticeteamhavedifferentlevelsofaccesstopatienthealthinformation(SeeCriterion4.2.2–Computerinformationsecurity).Toprotectthesecurityofhealthinformation,GPsandotherpracticestaffdonotgivetheircomputerpasswordstoothersintheteam.
Receptionandotherpracticestaffshouldbeawarethatconversationsinthemainreceptionareacanoftenbeoverheardinthewaitingroomandassuchstaffshouldavoiddiscussingconfidentialandsensitivepatientinformationinthisarea.
Wheneversensitivedocumentationisdiscardedthepracticeusesanappropriatemethodofdestructionshreddingandsecuritybinorcomputerdrive,memorysticksetcarereformatted.
Correspondence
![Page 3: Criterion 4.2.1 – Confidentiality and Privacy of Health ...€¦ · Our security policies and procedures regarding the confidentiality of patient health records and ... Patient](https://reader034.fdocuments.in/reader034/viewer/2022051904/5ff634475f621a2544759330/html5/thumbnails/3.jpg)
Electronicinformationistransmittedoverthepublicnetworkinanencryptedformatusingsecuremessagingsoftware.Wheremedicalinformationissentbypost,theuseofsecurepostageoracourierserviceisdetermineonacasebycasebasis.
Incomingpatientcorrespondenceanddiagnosticresultsareopeningbyadesignatedstaffmember.
Itemsforcollectionorpostageareleftinasecureareanotinviewofthepublic.
Facsimile
Facsimile,printersandotherelectroniccommunicationdevicesinthepracticearelocatedinareasthatareonlyaccessibletothegeneralpractitionersandotherauthorisedstaff.Faxingispointtopointandwillthereforeusuallyonlybetransmittedtoonelocation.
Allfaxescontainingconfidentialinformationaresenttofaxnumbersensuringtherecipientisthedesignatedreceiver.
• Confidentialinformationsentbyfaxhasdate,patientname,descriptionanddestinationrecordedinalogontheFujiXeroxmachine.
• Write“Confidential”onthefaxcoversheet• CheckthenumberdialledbeforepressingSEND• Keepthetransmissionreportproducedbythefaxasevidencethatthefaxwassent• Alsoconfirmthecorrectfaxnumberonthereport.
Faxesreceivedaremanagedaccordingtoincomingcorrespondenceprotocols.
Thepracticeusesafaxdisclaimernoticeonoutgoingfaxesthataffiliateswiththepractice.
Disclaimer: This email and any attachments have been sent by Narre Warren Medical Centre. The information contained in this email is intended only for the use of the person (s) to whom it is addressed and may be confidential or contain privileged information. If you are not the intended recipient you are hereby notified that any perusal, use, distribution, copying or disclosure is strictly prohibited. If you have received this email in error please immediately advise us by return email and delete the email without making a copy. It is the responsibility of the addressee to scan this email and any attachments for computer viruses or other defects. The sender does not accept liability for any loss or damage of any nature, however caused, which may result directly or indirectly from this email or any file attached. In relation to any legal use you may make of the contents of this email, you must ensure that you comply with the Privacy Act (Cth) 1988 and you should note that the contents may be subject to copyright and therefore may not be reproduced, communicated or adapted without the express consent of the owner of the copyright.
Emails
Emailsaresentviavariousnodesandareatriskofbeingintercepted.Patientinformationmayonlybesentviaemailifitissecurelyencryptedaccordingtoindustryandbestpracticestandards.
![Page 4: Criterion 4.2.1 – Confidentiality and Privacy of Health ...€¦ · Our security policies and procedures regarding the confidentiality of patient health records and ... Patient](https://reader034.fdocuments.in/reader034/viewer/2022051904/5ff634475f621a2544759330/html5/thumbnails/4.jpg)
PatientConsultations
Patientprivacyandsecurityofhealthinformationismaximisedduringconsultationsbyclosingconsultingroomdoors.Allexaminationcouches,includingthoseinthetreatmentroom,havecurtainsorprivacyscreens.
Whenconsulting,treatmentoradministrationofficedoorsareclosed,priortoentering,staffshouldeitherknockandwaitforaresponseoralternativelycontacttherelevantpersonbyinternalphoneoremail.
Wherelocksarepresentonindividualroomstheseshouldnotbeengagedexceptwhentheroomisnotinuse.
Itisthedoctor’s/healthcareprofessional’sresponsibilitytoensurethatprescriptionpaper,samplemedications,medicalrecordsandrelatedpersonapatientinformationiskeptsecure,iftheyleavetheroomduringaconsultationorwhenevertheyarenotinattendanceintheirconsulting/treatmentroom.
MedicalRecords
Thephysicalmedicalrecordsandrelatedinformationcreatedandmaintainedforthecontinuingmanagementofeachpatientarethepropertyofthispractice.Thisinformationisdeemedapersonalhealthrecordandwhilethepracticedoesnothaveownershipoftherecordhe/shehastherighttoaccessundertheprovisionsoftheCommonwealthPrivacyandStateHealthRecordsAct/Requestsforaccesstothemedicalrecordwillbeactedupononlyifreceivedinwrittenformat.
Ourpatienthealthrecordscanbeaccessedbyanappropriateteammemberwhenrequired.
Practixstoresmedicalrecords,Practixispasswordprotectedperuserandaccesstotherecordassignedperusertoensuretheprotectionofallinformationcontainedinmedicalrecordse.g.passwords,accessdetails,storageandhowyouensureinformationheldaboutthepatientindifferentrecords(e.g.ataresidentialagedcarefacility)isavailablewhenrequired.
Bothactiveandinactivepatienthealthrecordsarekeptandstoredsecurely.
Apatienthealthrecordmaybysolelyelectronicbased.
ComputerisedRecords
Ourpracticeisconsideredpaperlessandhassystemsinplacetoprotecttheprivacy,security,qualityandintegrityofthepersonalhealthinformationheldelectronically.Appropriatestaffmembersaretrainedincomputersecuritypoliciesandprocedures.
![Page 5: Criterion 4.2.1 – Confidentiality and Privacy of Health ...€¦ · Our security policies and procedures regarding the confidentiality of patient health records and ... Patient](https://reader034.fdocuments.in/reader034/viewer/2022051904/5ff634475f621a2544759330/html5/thumbnails/5.jpg)
NOTETheRACGPStandardsdefinean“activehealthrecord”asarecordofapatientwhohasattendedthepracticethreeormoretimesinthepast2years.
PracticePolicy–PatientsRequestforAccesstoPersonalHealthInformation
Patientsatthispracticehavetherighttoaccesstheirpersonalhealthinformation(medicalrecord)underlegislation;CommonwealthPrivacyAmendment(PrivateSector)Act2000andtheHealthRecordsAct2001(Victoria).TheHRAgivesindividualsarightofaccesstotheirpersonalhealthinformationheldbyanyorganisationintheprivatesectorinVictoriainaccordancewithHealthPrivacyPrinciple6(HPP6).Theprincipleobligeshealthserviceprovidersandotherorganisationsthatholdhealthinformationaboutapersontogivethemaccesstotheirhealthinformationonrequest,subjecttocertainexpectationsandthepaymentoffees(ifany).
PublicsectororganisationscontinuetobesubjecttotheFreedomofInformationAct1982.
ThispracticecomplieswithbothlawsandtheAustralianandHealthPrivacyPrinciples(APPs&HPPs)adoptedtherein.Seesummaryheadingsofprinciplesinthissection.BothActsgiveindividualstherighttoknowwhatinformationaprivatesectororganisationholdsaboutthem,therighttoaccessthisinformationandtoalsomakecorrectionsiftheyconsiderdataisincorrect.CompliancewiththeaccessprovisionsintheHealthRecordsAct2001(Victoria)willgenerallyensurecompliancewiththeCommonwealthPrivacyAct.
AustralianPrivacyPrinciples(APPs)APP1 OpenandtransparentmanagementofpersonalinformationAPP2 AnonymityandpseudonymityAPP3 CollectionofsolicitedpersonalinformationAPP4 DealingwithunsolicitedpersonalinformationAPP5 NotificationofthecollectionofpersonalinformationAPP6 UseordisclosureofpersonalinformationAPP7 DirectmarketingAPP8 Cross-borderdisclosureofpersonalinformationAPP9 Adoption,useordisclosureofgovernmentrelatedidentifiersAPP10 QualityofpersonalinformationAPP11 SecurityofpersonalinformationAPP12 AccesstopersonalinformationAPP13 Correctionofpersonalinformation
AsadoptedwithintheCommonwealthPrivacyAmendment(PrivateSector)Act2000.Wehaveaprivacypolicyinplacethatsetsouthowtomanagehealthinformationandthestepsanindividualmusttaketoobtainaccesstotheirhealthinformation.Thisincludesthedifferentformsofaccessandtheapplicabletimeframesandfees.
ReportsbySpecialists
![Page 6: Criterion 4.2.1 – Confidentiality and Privacy of Health ...€¦ · Our security policies and procedures regarding the confidentiality of patient health records and ... Patient](https://reader034.fdocuments.in/reader034/viewer/2022051904/5ff634475f621a2544759330/html5/thumbnails/6.jpg)
Thisinformationformspartofthepatient’smedicalrecord,henceaccessispermittedunderprivacylaw.
DiagnosticResults
Thisinformationformspartofthepatient’smedicalrecord,henceaccessispermittedunderprivacylaw.
NOTE:AmendmentstothePrivacyActapplytoinformationcollectedafter21stDecember2001,howevertheyalsoapplytodatacollectedpriortothisdateprovideditisstillinuseandreadilyaccessible.
Werespectindividual’sprivacyandallowaccesstoinformationviapersonalviewinginasecureprivatearea.Thepatientmaytakenotesofthecontentoftheirrecordormaybegivenaphotocopyoftherequestedinformation.AGPmayexplainthecontentsoftherecordtothepatientifrequired.Anadministrativechargemaybeapplied,attheGPsdiscretionandinconsultationwiththePrivacyOfficere.g.forphotocopyingrecord,x-raysandforstafftimeinvolvedinprocessingtherequest.
PracticeProcedure–PatientsRequestforAccesstoPersonalHealthInformation
Anoticeisdisplayedinourwaitingroomadvisingpatientsandothersoftheirrightsofaccessandofourcommitmenttoprivacylegislationcompliance.Aninformationbrochureisalsoavailablethatprovidesfurtherdetailsifrequired.
Releaseofinformationisanissuebetweenthepatientandthedoctor.Informationwillonlybereleasedaccordingtoprivacylawsandatdoctor’sdiscretion.Requestedrecordsarereviewedbythemedicalpractitionerpriortotheirreleaseandwrittenauthorisationisobtained.
RequestReceived
Whenourpatientsrequestaccesstotheirmedicalrecordandrelatedpersonalinformationheldatthispractice,wedocumenteachrequestandendeavourtoassistpatientsingrantingaccesswherepossibleandaccordingtotheprivacylegislation.Exemptionstoaccesswillbenotedandeachpatientorlegallynominatedrepresentativewillhavetheiridentificationcheckedpriortoaccessbeinggranted.Apatientmaymakearequestverballyatthepractice,viatelephoneorinwritingegfax,emailorletter.Noreasonisrequiredtobegiven.Therequestisreferredtothepatient’sdoctorordelegatedprivacyofficer.
Arequestforpersonalhealthinformationiscompletedtoensurecorrectprocessing.
Oncecompletedarecordoftherequestisloggedintheaccessregisterandtheformfiled/scannedinthepatientrecord.
![Page 7: Criterion 4.2.1 – Confidentiality and Privacy of Health ...€¦ · Our security policies and procedures regarding the confidentiality of patient health records and ... Patient](https://reader034.fdocuments.in/reader034/viewer/2022051904/5ff634475f621a2544759330/html5/thumbnails/7.jpg)
Requestbyanother(notpatient)
Anindividualmayauthoriseanotherpersontobegivenaccess,iftheyhavetherighteglegalguardian,andiftheyhaveasignedauthority.UnderNPP2UseandDisclosure,a‘personresponsible’forthepatient(includingapartner,familymember,carer,guardianorclosefriend),ifthatpatientisincapableofgivingorcommunicatingconsent,mayapplyforandbegivenaccessforappropriatecareandtreatmentorforcompassionatereasons.Identityvalidationapplies.
ThePrivacyActdefines‘apersonresponsible’asaparentoftheindividual,achildorsiblingoftheindividual,whoisatleast18yearsold,aspouseordefactospouse,arelative(atleast18yearsold)andamemberofthehousehold,aguardianorapersonexercisinganenduringpowerofattorneygrantedbytheindividualthatcanbeexercisedforthatperson’shealth,apersonwhohasanintimaterelationshipwiththeindividualorapersonnominatedbytheindividualinacaseofemergency.
Children
Whereayoungpersoniscapableofmakingtheirowndecisionsregardingtheirprivacy,theyshouldbeallowedtodosoaccordingtoFederalPrivacyCommissioner’sPrivacyGuidelines.Thedoctorcoulddiscussthechild’srecordwiththeirparent.Eachcaseisdealtwithsubjecttotheindividual’scircumstances.Aparentwillnotnecessarilyhavetherighttotheirchild’sinformation.
DeceasedPersons
Arequestforaccessmaybeallowedforadeceasedpatient’slegalrepresentativeifthepatienthasbeendeceasedfor30yearsorlessandallotherprivacylawrequirementshavebeenmet.Ref:Sec28HealthRecordsAct.Nomentionismadeofdeceasedpatient’saccessinCommonwealthprivacylegislation.
AcknowledgeRequest
Eachrequestisacknowledgedwithalettersenttothepatient,confirmingrequesthasbeenreceived.Sendtheletterwithin14daysorsoonerasrecommendedbytheNationalPrivacyCommissioner.Acknowledgementwillincludeastatementconcerningchargesinvolvedinprocessingtherequest.
FeesCharged
Discusswiththeindividualwhatinformationtheywantaccessto,andthelikelyfees,beforeundertakingtheirrequestforaccess.
Thefeeswhichanorganisationcanchargeforprovidingaccessmustnotbeexcessiveandmustnotapplytothemerelodgementofarequestforaccess.NationalPrivacyPrinciple(NPP)6.4aimstoprevent
![Page 8: Criterion 4.2.1 – Confidentiality and Privacy of Health ...€¦ · Our security policies and procedures regarding the confidentiality of patient health records and ... Patient](https://reader034.fdocuments.in/reader034/viewer/2022051904/5ff634475f621a2544759330/html5/thumbnails/8.jpg)
preventorganisationsforusingexcessivechargestodiscourageindividualsfrommakingrequestsforaccesstotheirmedicalrecords.Ifanorganisationincurssubstantialcostsinmeetingarequestforaccess,thentheorganisationcouldchargeareasonablefeetomeettheadministrativecostsinvolved.Forexample,anorganisationcouldrecoversomeofthecostsofphotocopyingorofthestafftimeinvolved.
CollateandAssessInformation
Retrievepatient’shardcopymedicalrecordorarrangeforthetreatingdoctororpracticeprincipletoaccessthecomputerrecord.Refertothepatientrequestformtohelpidentifywhatinformationistobegiventothepatient.
DatamaybewithheldunderprivacylegislationNPP6–AccessandCorrectionforthefollowingreasons:
• Whereaccesswouldposeaseriousthreattothelifeorhealthofanyindividual• Wheretheprivacyofothersmaybeaffected• Ifarequestisfrivolousorvexatious• Ifinformationrelatestoexistingoranticipatedlegalproceedings• Ifaccesswouldprejudicenegotiationswiththeindividual• Ifaccesswouldbeunlawful• Wheredenyingaccessisrequiredorauthorisedbylaw.
SeeNationalPrivacyPrinciplesinfullforacomprehensivelistofexclusionsavailableat:http://www.privacy.gov.au/materials/types/infosheets/view/6583
AccessDenied
Reasonsfordeniedaccessmustbegiventothepatientinwriting.Notetheseontherequestform.Insomecasesrefusalofaccessmaybeinpartorfull.
UseofIntermediarywhenAccessDenied
Ifrequestforaccessisdeniedanintermediarymayoperateasfacilitatortoprovidesufficientaccesstomeettheneedsofboththepatientandthedoctor.
ProvideAccess
Personalhealthinformationmaybeaccessedinthefollowingways:
• Viewandinspectinformation• View,inspectandtalkthroughcontentswiththedoctor• Takenotes• Obtainacopy(canbephotocopyorelectronicprintoutfromcomputer)• Listentoaudiotapeorviewvideo
![Page 9: Criterion 4.2.1 – Confidentiality and Privacy of Health ...€¦ · Our security policies and procedures regarding the confidentiality of patient health records and ... Patient](https://reader034.fdocuments.in/reader034/viewer/2022051904/5ff634475f621a2544759330/html5/thumbnails/9.jpg)
• Informationmaybefaxedtopatient
CheckIdentityofPatient
• EnsureavisibleformofIDispresentedbythepersonseekingaccessegdriver’slicence,passportorotherphotoidentification.Notedetailsonrequestform
• Doesthepersonhavetheauthoritytogainaccess?Checkage,legalguardiandocuments;ispersonauthorisedrepresentative?
Ifthepatientisviewingthedata,superviseeachviewingsothatpatientisnotdisturbedandnodatagoesmissing.
Ifacopyistobegiventothepatientensureallpagesarecheckedandthisisnotedintherequestform.
Ifthedoctoristoexplainthecontentstoapatientthenensureanappointmenttimeismade.
RequesttoCorrectInformation
Apatientmayasktohavetheirpersonalhealthinformationamendedifhe/sheconsidersthatisnotuptodate,accurateandcomplete(NPP6.5/6.6).
Ourpracticemusttrytocorrectthisinformation.Correctionsareattachedtotheoriginalhealthrecord.
Wherethereisadisagreementaboutwhethertheinformationisindeedcorrect,ourpracticeattachesastatementtotheoriginalrecordoutliningthepatient’sclaim.
TimeFrames
Acknowledgerequest–within14days.Completetherequest–within30days.
PracticePolicy–3rdPartyRequestforAccesstoPersonalHealthInformation
Requestsfor3rdpartyaccesstothemedicalrecordshouldbeinitiatedbyeitherreceiptofcorrespondencefromasolicitororgovernmentagencyorbythepatientcompletingapatientrequestforpersonalhealthinformationform.Whereapatientrequestformandsignedauthorisationisnotobtainedthepracticeisnotlegallyobligedtorelease.
Whererequestsforaccessarerefusedthepatientorthirdpartymayseekaccessunderrelevantprivacylaws.
Anorganisation‘holds’healthinformationifitisintheirpossessionorcontrol.Ifyouhavereceivedreportsorotherhealthinformationfromanotherorganisationsuchasamedicalspecialists,youarerequiredtoprovideaccessinthesamemannerasfortherecordsyoucreate.Ifthespecialisthas
![Page 10: Criterion 4.2.1 – Confidentiality and Privacy of Health ...€¦ · Our security policies and procedures regarding the confidentiality of patient health records and ... Patient](https://reader034.fdocuments.in/reader034/viewer/2022051904/5ff634475f621a2544759330/html5/thumbnails/10.jpg)
written‘nottobedisclosedtoathirdparty’or‘confidentiality’ontheirreport,thishasnolegaleffectinrelationtorequestsforaccessundertheHealthRecordsAct.Youarealsorequiredtoprovideaccesstorecordswhichhavebeentransferredtoyoufromanotherhealthserviceprovider.
Requestsforaccesstothemedicalrecordandassociatedfinancialdetailsmaybereceivedfromvarious3rdpartiesincluding:
1. Subpoena/courtorder/coroner/searchwarrant2. Relatives/friends/carers3. Externaldoctorsandhealthcareinstitutions4. Police/solicitors5. Healthinsurancecompanies/worker’scompensation/socialwelfareagencies6. Employers7. Governmentagencies8. Accounts/debtcollection9. Students(medicalandnursing)10. Research/qualityassuranceprograms11. Media12. International13. Diseaseregisters14. Telephonecalls
Weonlytransferorreleasepatientinformationtoathirdpartyoncetheconsenttoshareinformationhasbeensignedandinspecificcasesinformedpatientconsenthasmaybesought.Wherepossiblede-identifiedinformationissent.
Ourpracticeteamcandescribetheproceduresfortimely,authorisedandsecuretransferofpatienthealthinformationinrelationtovalidrequests.
PracticeProcedure-3rdPartyRequestforAccesstoPersonalHealthInformation
Thepracticeteamcandescribehowwecorrectlyidentifyourpatientsusing3patientidentifiers,name,anddateofbirth,addressorgendertoascertainwehavethecorrectpatientrecordbeforeentering,actioningorreleasinganythingfromthatrecord.
Patientconsentforthetransferofhealthinformationtootherprovidersoragenciesisobtainedonthefirstvisitandtrainedonfileinanticipationofwhenthismayberequired.
Asarulenopatientinformationistobereleasedtoa3rdpartyunlesstherequestImadeinwritingandprovidesevidenceofasignedauthoritytoreleasetherequestedinformation,toeitherthepatientdirectlyorathirdparty(wherepossiblede-identifieddataisreleased).
Writtenrequestsshouldbenotedinthepatient’smedicalrecordandalsodocumentedinthepractice’srequestregister.Requestsshouldbeforwardedtothedesignatedpersonwithinthepracticeforfollow-up.
![Page 11: Criterion 4.2.1 – Confidentiality and Privacy of Health ...€¦ · Our security policies and procedures regarding the confidentiality of patient health records and ... Patient](https://reader034.fdocuments.in/reader034/viewer/2022051904/5ff634475f621a2544759330/html5/thumbnails/11.jpg)
Requestedrecordsaretobereviewedbythetreatingmedicalpractitionerorprincipaldoctorpriortotheirreleasetoathirdparty.Whereareportormedicalrecordisdocumentedforreleasetoathirdparty,havingsatisfiedcriteriaforrelease(includingthepatientswrittenconsentandwhereappropriatewrittenauthorisationfromthetreatingdoctor),thenthepracticemayspecifyachargetobeincurredbythepatientorthirdparty,tomeetthecostoftimespentpreparingthereportorphotocopyingtherecord.
Thepracticeretainsarecordofallrequestsforaccesstomedicalinformationincludingtransferstoothermedicalpractitioners.
Wherehardcopymedicalrecordsaresenttopatientsor3rdparties,copiesareforwardednotoriginaldocumentationwhereverpossible.Iforiginalsarerequiredcopiesaremadeincaseofloss.
Securityofanyhealthinformationrequestedismaintainedwhentransferringrequestedrecordsandelectronicdatatransmissionofpatienthealthinformationfromourpracticeisinasecureformat.
Subpoena,courtorderorcoronersearchwarrant
Notethedateofthecourtcaseanddaterequestreceivedinthemedicalrecord.Dependingonwhetheraphysicalorelectroniccopyoftherecordisrequiredfollowproceduresasdescribedabove.
Onoccasionsamemberofstaffisrequiredtoaccompanythemedicalrecordtocourtoralternativelyasecurecourierservicemaybeadequate.Iftheoriginalistobetransported,ensureacopyismadeincaseoflossoftheoriginalduringtransport.Ensurethattherecordisreturnedafterreviewbythecourt.
Relatives/Friends
Apatientmayauthoriseanotherpersontobegivenaccessiftheyhavethelegalrightandasignedauthority.
In2008theAustralianLawReformCommissionrecognisedthatdisclosureofinformationto‘apersonresponsibleforanindividual’canoccurwithincurrentprivacylaw.Ifasituationariseswhereacarerisseekingaccesstoapatient’shealthinformation,practicesareencouragedtocontacttheirmedicaldefenceorganisationforadvicebeforesuchaccessisgranted.
Individualrecordsareadvisedforallfamilymembersbutespeciallyforchildrenwhoseparentshaveseparatedwherecaremustbetakenthatsensitivedemographicinformationrelatingtoratherpartnerisnotrecordedonthedemographicsheet.Significantcourtordersrelatingtocustodyandguardianshipshouldberecordedasanalertonthechildren’srecords.
ExternalDoctorsandHealthCareInstitutions
![Page 12: Criterion 4.2.1 – Confidentiality and Privacy of Health ...€¦ · Our security policies and procedures regarding the confidentiality of patient health records and ... Patient](https://reader034.fdocuments.in/reader034/viewer/2022051904/5ff634475f621a2544759330/html5/thumbnails/12.jpg)
Directthequerytothepatient’sdoctorandorthepracticemanager/principledoctor
Police/Solicitors
Policeandsolicitorsmustobtainacasespecificsignedpatientconsent(orsubpoena,courtorderorsearchwarrant)forreleaseofinformation.Therequestisdirectedtothedoctor.
HealthInsuranceCompanies/WorkersCompensation/SocialWelfareAgencies
Dependingonthespecificcircumstancesinformationmayneedtobeprovided.Itisrecommendedthattheserequestsarereferredtothedoctor.
Itisimportantthatorganisationstellindividualswhatcouldbedonewiththeirpersonalhealthinformationandifitiswithinthereasonableexpectationofthepatientthenpersonalhealthinformationmaybedisclosed.Doctorsmayneedtodiscusssuchrequestswiththepatientandperhapstheirmedicaldefenceorganisation.
Employers
Ifthepatienthassignedconsenttoreleaseinformationforapre-employmentquestionnaireorsimilarreportthendirecttherequesttothetreatingdoctor.
GovernmentAgencies
Medicare/DepartmentofVeteransAffairs-dependingonthespecificcircumstancesinformationmayneedtobeprovided.Itisrecommendedthatdoctorsdiscusssuchissueswiththemedicaldefenceorganisations.
StateRegisterorBirths,DeathsandMarriages–deathcertificatesareusuallyissuedbythetreatingdoctor
Centrelink–TherearealargenumberofCentrelinkforms(treatingdoctor’sreports)whichareusuallycompletedinconjunctionwiththepatientconsultation.
Accounts/DebtCollection
Thepracticemustmaintainprivacyofpatient’sfinancialaccounts.Accountsarenotstoredorleftvisibleinareaswheremembersofthepublichaveunrestrictedaccess.
Accountsmustnotcontainanyclinicalinformation.Invoicesandstatementsshouldbereviewedpriortoforwardingtothirdpartiessuchasinsurancecompaniesordebtcollectionagencies.
![Page 13: Criterion 4.2.1 – Confidentiality and Privacy of Health ...€¦ · Our security policies and procedures regarding the confidentiality of patient health records and ... Patient](https://reader034.fdocuments.in/reader034/viewer/2022051904/5ff634475f621a2544759330/html5/thumbnails/13.jpg)
Outstandingaccountqueriesordisputesshouldbedirectedtothepracticemanager/bookkeeperorprincipal.
Students(MedicalandNursing)
Thispracticedoesnotparticipateinmedical/nursingstudenteducation.Thepracticeacknowledgesthatsomepatientsmaynotwishtohavetheirpersonalhealthinformationaccessedforeducationalpurposes.Thepracticealwaysadvisespatientsofimpendingstudentinvolvementinpracticeactivitiesandseekstoobtainpatientconsentaccordingly.Thepracticerespectsthepatient’srighttoprivacy.
Researchers/QualityAssurancePrograms
Wherethepracticeseekstoparticipateinhumanresearchactivitiesand/orcontinuousqualityimprovement(CQI)activities,patientanonymitywillbeprotected.Thepracticewillalsoseekandretainacopyofpatientconsenttoanyspecificdatacollectionforresearchpurposes.Researchrequestsaretobeapprovedbythepracticeprincipal,practicepartnersandmusthaveapprovalfromaHumanResearchEthicsCommittee(HREC)constitutedundertheNH&MRCguidelines.Acopyofthisapprovalwillberetainedbythepractice.
Practiceaccreditationisarecognisedpeerreviewprocessandthereviewingofmedicalrecordsforaccreditationpurposeshasbeendeemedasa‘secondarypurpose’bytheOfficeoftheFederalPrivacyCommissioner.Asaconsequencepatientsarenotrequiredtoprovideconsent.
Patientsshouldbeadvisedofthewaysinwhichtheirhealthinformationmaybeused(includingforaccreditationpurposes)viaasigninthewaitingroomandthepracticeinformationbrochure.
Media
Pleasedirectallenquiriestothepracticemanager/principal.Staffmustnotreleaseanyinformationunlessithasbeenauthorisedbythepracticemanager/principalandpatientconsenthasbeenobtained.
International
Wherepatientconsentisprovidedtheninformationmaybesentoverseashoweverthepracticeisundernoobligationtosupplyanypatientinformationonreceiptofaninternationalsubpoena(NPP9–TransborderDataFlows).
DiseaseRegisters
![Page 14: Criterion 4.2.1 – Confidentiality and Privacy of Health ...€¦ · Our security policies and procedures regarding the confidentiality of patient health records and ... Patient](https://reader034.fdocuments.in/reader034/viewer/2022051904/5ff634475f621a2544759330/html5/thumbnails/14.jpg)
Thispracticesubmitspatientdatatovariousdiseasespecificregisters(cervical,breast,bowelscreeningetc)toassistwithpreventativehealthmanagement.Consentisrequiredfromthepatientwiththeoptionofoptinginoroptingout.Patientsareadvisedofthisviaasigninthewaitingareaandinthepractice’sinformationleaflet.
TelephoneCalls
Requestsforpatientinformationaretobetreatedwithcareandnoinformationistobegivenoutwithoutadherencetothefollowingprocedure:
1. Takethetelephonenumber,nameandaddressofthepersoncalling2. Forwardthisontothetreatingdoctor/principalorthepracticemanagerwhereappropriate.
PracticePolicy–CollectionandManagementofPersonalHealthInformation
AustralianPrivacyPrinciple1requiresourpracticetohaveadocumentthatclearlysetsoutitspoliciesonhandlingpersonalinformation,includinghealthinformation.
Thisdocument,commonlycalledaprivacypolicy,outlineshowwehandlepersonalinformationcollected(includinghealthinformation)andhowweprotectthesecurityofthisinformation.Itmustbemadeavailabletoanyonewhoasksforitandpatientsaremadeawareofthis.
Thecollectionstatementinformspatientsabouthowtheirhealthinformationwillbeusedincludingotherorganisationstowhichthepracticeusuallydisclosespatienthealthinformationandanylawthatrequirestheparticularinformationtobecollected.Patientconsenttothehandlingandsharingofpatienthealthinformationshouldbeprovidedatanearlystageintheprocessofclinicalcareandpatientsshouldbemadeawareofthecollectionstatementwhengivingconsenttosharehealthinformation.
Ingeneral,qualityimprovementorclinicalauditactivitiesforthepurposeofseekingtoimprovethedeliveryofaparticulartreatmentorservicewouldbeconsideredadirectlyrelatedsecondarypurposeforinformationuseordisclosuresowedonotneedtoseekspecificconsentforthisuseofpatients’healthinformation,howeverweincludeinformationaboutqualityimprovementactivitiesandclinicalauditsinthepracticepolicyonmanaginghealthinformation.
PracticeProcedure–CollectionandManagementofPersonalHealthInformation
Weinformourpatientsaboutourpractice’spoliciesregardingthecollectionandmanagementoftheirpersonalhealthinformationvia:
• Asignatreception• Brochure/sinthewaitingarea• Ourpatientinformationsheet
![Page 15: Criterion 4.2.1 – Confidentiality and Privacy of Health ...€¦ · Our security policies and procedures regarding the confidentiality of patient health records and ... Patient](https://reader034.fdocuments.in/reader034/viewer/2022051904/5ff634475f621a2544759330/html5/thumbnails/15.jpg)
• Newpatientforms–“Consenttoshareinformation”• Verballyifappropriate• Thepracticewebsite.
Theprivacypolicyshouldoutline:
• Thepractice’scontactdetails• Whatinformationiscollected• Whyinformationiscollected• Howthepracticemaintainsthesecurityofinformationheldatthepractice• Therangeofpeoplewithinthepracticeteam(egGPs,practicenurses,GPRegistrars,students
andalliedhealthprofessionals),whomayhaveaccesstopatienthealthrecordsandthescopeoftheaccess
• Theproceduresforpatientstogainaccesstotheirownhealthinformationonrequest• Thewaythepracticegainspatientconsentbeforedisclosingtheirpersonalhealthinformationto
thirdparties• Theprocessofprovidinghealthinformationtoanothermedicalpracticeshouldpatientsrequest
that• Theuseofpatienthealthinformationforqualityassurance,researchandprofessional
development• Theproceduresforinformingnewpatientsaboutprivacyarrangements• Thewaythepracticeaddressescomplaintsaboutprivacyrelatedmatters• Thepractice’spolicyforretainingpatienthealthrecords.
A‘collectionstatement’setsoutthefollowinginformation:
• Theidentityofthepracticeandhowtocontactit• Thefactthatpatientscanaccesstheirownhealthinformation• Thepurposeforwhichtheinformationiscollected• Otherorganisationstowhichthepracticeusuallydisclosespatienthealthinformation• Anylawthatrequirestheparticularinformationtobecollected(egnotifiablediseases)• Themainconsequencefortheindividualifimportanthealthinformationisnotprovided.
Priortoapatientsigningconsenttothereleaseoftheirhealthinformationpatientsaremadeawaretheycanrequestafullcopyofourprivacypolicyandcollectionstatement.
Patientconsentforthetransferofhealthinformationtootherprovidersoragenciesisobtainedonthefirstvisit.Acopyofourconsentformisincludedbelow.Oncesignedthisformisscannedintothepatient’srecordanditscompletionnoted.
NOTE:Consentfortransferofinformationdiffersfromproceduralconsent.
PracticePolicy–TransferofHealthInformation
Transferofmedicalrecordsfromthispracticecanoccurinthefollowinginstances:
![Page 16: Criterion 4.2.1 – Confidentiality and Privacy of Health ...€¦ · Our security policies and procedures regarding the confidentiality of patient health records and ... Patient](https://reader034.fdocuments.in/reader034/viewer/2022051904/5ff634475f621a2544759330/html5/thumbnails/16.jpg)
• Formedico-legalreasonsegrecordissubpoenaedtocourt• Whenapatientasksfortheirmedicalrecordtobetransferredtoanotherpractice,dueto
movingresidenceorforotherreasons• Whereanindividualmedicalrecordreportisrequestedfromanothersource• Wherethedoctorisretiringandthepracticeisclosing.
Ourpracticeteamcandescribetheproceduresfortimely,authorisedandsecuretransferofpatienthealthinformationtootherprovidersandinrelationtovalidrequests.
PracticeProcedure–TransferofHealthInformation
RequestsforTransferofMedicalRecordsforMedico-legalReasons
Referto3rdPartyrequestsforaccesstomedicalrecords/healthinformationabove.
ReceivingaRequesttoTransferMedicalRecordstoaPatient’sNewClinic
Inaccordancewithstateandfederalprivacyregulations,arequesttotransfermedicalrecordsmustbesignedbythepatientgivingusauthoritytotransfertheirrecords.
Therequestformshouldcontain:
• Thenameofthereceivingpractitionerorpractice• Thename,address(bothcurrentandformerifapplicable)anddateofbirththepatientwhose
recordisrequired• Thereasonfortherequest.
Whenfulfillingarequest,thispracticemaychoosetoeither:
• Prepareasummaryletter(manuallyorviaclinicalsoftware)andincludecopiesofrelevantcorrespondenceandresultspertinenttotheongoingmanagementofthepatient
• Makeacopyofthemedicalrecordanddispatchthecopytothenewpractice,retainingtheoriginalonsiteforaminimumof7years.
Therequestingclinicisadvisedifweproposetotransferasummaryoracopyofthefullmedicalrecord.Iftheyhaveapreferencetheformatcanbenegotiatedortheycanchoosenottoproceedwiththetransferandseekacopythroughaseparateaccessrequest.
Ifthereisgoingtobeanyexpensesrelatedtothetransfertherequestingclinicisadvisedpriortosendingthemedicalrecordsandoncethefeehasbeenpaidweprocesstherequestassoonaspossible.Anychargesmustnotexceedtheprescribedmaximumfee.
Thepatient’ssignedrequestletter/formandanotationthatthepatienthastransferredismadeonthemedicalrecord.Includethenameandaddressofthenewpracticeandthedispatchdetails(egviaprioritymailorconfidentialcourierorinanelectronicform).
![Page 17: Criterion 4.2.1 – Confidentiality and Privacy of Health ...€¦ · Our security policies and procedures regarding the confidentiality of patient health records and ... Patient](https://reader034.fdocuments.in/reader034/viewer/2022051904/5ff634475f621a2544759330/html5/thumbnails/17.jpg)
Electronicdatatransmissionofpatienthealthinformationfromourpracticeisinasecureformat.
NOTE:Thereareanumberofwaystheinformationcanbetransferred,dependingontherequestfromthepatientandclinic:viasecurepost;encryptedemail(ifcomputerisedrecords)or,ifthepracticeisreleasingcopiesoftheentirerecordandthepatientrequestsaccess(HealthRecordsAct),thepracticemaywishtomakeanappointmenttimewiththepatienttoofferanappropriateexplanationandcounselfromtheGPorasanalternativemaychoosetosupplyasummaryofthehistory.
Allreasonablestepsaretakentoprotectthehealthinformationfromlossandunauthoriseddisclosureduringthetransfer.
Thispracticedoesnotallowindividualstocollectthefileandtakeittotheirnewprovider.
MakingaRequestforaPatientMedicalRecordfromanotherSource
Accesstoanewpatient’spreviousrecordcanassistwithmaintainingthecontinuityofcareofthepatient.
Whenrequestingrecordsfromanotherclinicastandardrequestfortransferofmedicalrecordstemplate(seesamplebelow)shouldbeused.
Thisshouldcontain:
• Thepatient’sdetails,thepatientshouldbeidentifiedbyname,address(bothcurrentandformerifapplicable)anddateofbirth
• Thereasonforrequestincludingthenameofthedoctormakingtherequest• Therequestfortransferofpatientfilesshouldbeauthorisedbythepatient
Ifthefileswillberequestedelectronically,specificdetailsoftheformatneedstobeincludedsuchasHTMLorXML.
Iftheclinicadvisesyouthatthepatientsarelikelytoincuroutofpocketexpensesrelatedtotransfer,pleaseadvisethepatientpriortoacceptingthetransferredmedicalrecords.
Whenadoctorisretiringandthepracticeisclosing
ThecorrectprocessforhandlingpatienthealthinformationontheclosureofapracticeisavailableintheOFPCGuidelinesatwww.privacy.gov.au/materials/types/guidelines/view/6517.
Thefollowingfactsheetmaybeuseful:Transfer/closureofapracticeorbusinessofahealthserviceproviderhttp://www.health.vic.gov.au/hsc/infosheets/closure.pdf
NOTE:Ahealthserviceproviderwhohasadisputewithanorganisationinrelationtoarequesttoaccesshealthinformationcannotcomplainonbehalfofthepatient.
Acomplaintmustbeledgedinwriting,bythepatientwiththeHealthServicesCommissioner(HSC).Asamplecomplaintformcanbefoundbelow.Adetailedletterisalsorequired.
![Page 18: Criterion 4.2.1 – Confidentiality and Privacy of Health ...€¦ · Our security policies and procedures regarding the confidentiality of patient health records and ... Patient](https://reader034.fdocuments.in/reader034/viewer/2022051904/5ff634475f621a2544759330/html5/thumbnails/18.jpg)
PracticePolicy–Research
Researchactivity,bothwithinthepracticeandthroughreputableexternalbodiesisencouraged.
Patientsconsentisessentialforinvolvementinresearchprojects.Wheneveranymemberofourpracticeteamisconductingresearchinvolvingourpatients,wecandemonstratethattheresearchhasappropriateapprovalfromanethicscommittee.Theresearchprotocol,consentproceduresandprocessforresolvingproblemsshouldberetainedbythepractice.
Researchactivitiesaredistinctfromauditsundertakenbythepracticeaspartofqualityimprovementactivities.ResearchprojectsrequireapprovalfromanEthicscommitteebut“inhouse”practiceauditsdonot.
Whenwecollectpatienthealthinformationforqualityimprovementauditsorprofessionaldevelopmentactivities,weonlytransferdeidentifiedpatienthealthinformationtoathirdpartyonceinformedpatientconsenthasbeenobtained.
Privacyandconfidentialityisparticularlyimportantespeciallywhenconsideringinvolvementincommercialmarketresearchactivities.
Ourpracticeconsidershowidentifiabletheirpatientinformationwillbeusingthefollowing:
• Identifiablepatientinformation–bywhichindividualpatientscanbeidentified• De-identifiedpatientinformation–whichcannotbetracedbacktotheindividual• Potentiallyidentifiableinformation–couldpossiblybetracedbacktoindividualsorgroupsof
individuals
PracticeProcedure–Research
Researchprojectsinvolvingpatientcare
• Musthavetheexplicitanddocumentedwrittenconsentofthepatient• Thepatientmustreceiveawrittenandoralexplanationabouttheresearchandbeableto
withdrawconsentatanytime• Theprojectmustbeapprovedbyarelevanthumanresearchethicscommittee(HREC)
establishedundertheNH&MRCguidelines• Privacylawsmustbeadheredto.
Researchprojectsinvolvingresearchorclinicalauditsusingde-identifieddatashouldideallyhavepatientsconsent.Thiscanbeinmoregeneraltermssuchasbywaitingroomnoticeorpracticeinformationsheet.
• Extremecaremustbetakennottoallowpatientidentificationfromsmalland/orunusualcohorts
ForQI&CPDactivitiesthatrequirethetransferofpatientinformationoutsidethepractice(egNPSactivities)weneedto:
![Page 19: Criterion 4.2.1 – Confidentiality and Privacy of Health ...€¦ · Our security policies and procedures regarding the confidentiality of patient health records and ... Patient](https://reader034.fdocuments.in/reader034/viewer/2022051904/5ff634475f621a2544759330/html5/thumbnails/19.jpg)
• EnsuretheactivitycomplieswithrelevantguidelinesonQI&CPD(issuedbyanappropriatespecialistmedicalcollege)
• Ensuretheactivityisapprovedbythatcollege• RetainacopyoftheQI&CPDapprovalfortheactivity• Obtainpatientconsentiftransferringidentifiablepatientinformation
Thepracticeshouldretainarecordoftherequestforparticipationinanyresearchproject,includingtheresearchprotocol,consentproceduresandprocessforresolvingproblemsshouldberetainedbythepractice.
NarreWarrenMedicalCentreConsentFormfortheCollectionofPersonalHealthInformation
NarreWarrenMedicalCentre2MalcolmCourt NarreWarren [email protected]
NarreWarrenMedicalCentre
Require your consent to collect person information about you. Please read this consent formcarefully,andsignwhereindicatedbelow.
NarreWarrenmedical Centre collects information from you for the primary purpose of providingquality health care. We require you to provide us with your personal details and a full medicalhistorysothatwemayproperlyassess,diagnose,treatandbeproactiveinyourhealthcareneeds.Thismeanswewillusetheinformationyouprovideinthefollowingways:
• Administrativepurposesinrunningourmedicalpractice• Billing purposes, including compliance with Medicare and Health Insurance Commission
requirements• Disclosure to others involved in your healthcare including treating doctors and specialists
outside thismedicalpractice.Thismayoccur through referral tootherdoctors,or formedicaltestsandinthereportsorresultsreturnedtousfollowingreferrals
• Disclosuretootherdoctorsinthepractice,locumsetcattachedtothepracticeforthepurposeofpatientcareand teaching.Please letusknow ifyoudonotwantyour recordsaccessed forthesepurposes,andwewillnotinyourrecordaccordingly
• Disclosure for research and quality assurance activities to improve individual and communityhealthcareandpracticemanagement,allinformationintheseinstancesisun-identified.Youwillbeinformedwhensuchactivitiesarebeingconductedandgiventheopportunityto“optout”ofanyinvolvement
![Page 20: Criterion 4.2.1 – Confidentiality and Privacy of Health ...€¦ · Our security policies and procedures regarding the confidentiality of patient health records and ... Patient](https://reader034.fdocuments.in/reader034/viewer/2022051904/5ff634475f621a2544759330/html5/thumbnails/20.jpg)
I have read the information above and understand the reasons why my information must becollected.IamalsoawarethatthispracticehasaprivacypolicyonhandlingPatientInformation.
IunderstandthatIamnotobligedtoprovideanyinformationrequestedofme,butfailuretodosomaycompromisethequalityofhealthcareandtreatmentgiventome.
Iamawareofmyrightstoaccesstheinformationcollectedaboutme,exceptinsomecircumstanceswhereaccessmaybelegitimatelywithheld.Iwillbegivenanexplanationinthesecircumstances.
Iunderstandthatifmyinformationistobeusedforanyotherpurposeotherthansetoutabove,myfurtherconsentwillbeobtained.
Iconsenttothehandlingofmyinformationbythepracticeforthepurposesetoutabove,subjecttoanylimitationsonaccessordisclosureofwhichInotifythispractice.
Name……………………………………………………………………Signed…………………………………………………………………
NameofGuardian(forchild)……………………………….Signed…………………………………………………………………..
Date…………………………………………………………………………………………………………………………………………………….
NWMCRequestforPersonalHealthInformation
NarreWarrenMedicalCentre2MalcolmCourt NarreWarren [email protected]
PatientDetails
Familyname…………………………………………………………………….GivenName/s…………………………………………………………..
Address……………………………………………………………………………………………………………………………………………………………….
DateofBirth……………./……………/……………………………………..
Applicantifnotthepatient………………………………………………Relationshiptopatient…………………………………………….
HealthInformationRequested
!Pathologyresults Specifydate/s……………………………………………………………………………....!X-rayresults Specifydate/s………………………………………………………………………………..!Othertestresults Pleasespecify…………………………………………………………………………………!Asummaryofmyhealthrecord!HealthRecord-detailed!CurrentMedications
![Page 21: Criterion 4.2.1 – Confidentiality and Privacy of Health ...€¦ · Our security policies and procedures regarding the confidentiality of patient health records and ... Patient](https://reader034.fdocuments.in/reader034/viewer/2022051904/5ff634475f621a2544759330/html5/thumbnails/21.jpg)
!Correspondenceonfile!Other,pleasegivedetails ……………………………………………………………………………………………………...…………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………
Howwouldyouliketoreceivethisinformation?
!Viewandinspectinformation.Iwillmakeatimeatreception!View,inspectanddiscusscontentswithmydoctor.Iwillmakeanappointmentatreception!Obtainacopy-collect!Obtainacopy–sendviamail!Obtainacopy–viaFaxNo……………………………………………………………………………………………………………………………..!Obtainacopy–viaEmail……………………………………………………………………………………………………………………………….Note:Privacyrequirementsallowthedoctorincertaincircumstancestorestrictthereleaseofmedicalrecords.
Chargingpolicy–feesmaybechargedforaccess.Pleaserequestinformationaboutyourchargingpolicy.
SignatureofApplicant………………………………………………………………………………………Date………./………./……………………
OfficeUseOnly–StafftoInitialandDateEachEntry!Daterequestreceived………./………./………. !AcknowledgementDate………./………./…………..!Identificationverifiedknowntostaff/license/passport/other…………………………………………………………………..!Appointmentmadewithdoctor!Yes!No Date………./………/………. Time:!Patienttocollect? ExpectedDate………./…………/……….!Doctoradvisedpriortorelease !Notedinpatientrecord!Recordcheckedandreadyforpatient !Dataremoved/deleted !Yes!No!Methodofaccess:view/view&Dr/copy&collect/copy&send……………………………………………………………….!FeesCharged !Yes !No Amount$...............(excludeGST)FeesReceived$……....!Accessprocesscompleted(recordviewed/sent) Date………./………./……….
RequestforMedicalRecordsTransfer
NarreWarrenMedicalCentre2MalcolmCourt NarreWarren [email protected]
Date………./………./………..
DearDr……………………………………………………..,
PracticeDetails………..………………………………………………………………………………………….……………………………………………..
PatientsFullName………………………………………………………………………………………………………..………DOB………/………/……..
![Page 22: Criterion 4.2.1 – Confidentiality and Privacy of Health ...€¦ · Our security policies and procedures regarding the confidentiality of patient health records and ... Patient](https://reader034.fdocuments.in/reader034/viewer/2022051904/5ff634475f621a2544759330/html5/thumbnails/22.jpg)
OtherFamilyMembers(ifunder18yearsofage)PatientFullName………………………………………………………………………………………….…………….DOB………./………./………..
Address………………………………………………………………………………………………………..……………………………………………………..
PatientFullName………………………………………………………………………………………….…………….DOB………./………./………..
Address………………………………………………………………………………………………………..……………………………………………………..
PatientFullName………………………………………………………………………………………….…………….DOB………./………./………..
Address………………………………………………………………………………………………………..……………………………………………………..
Theabovementionednowattendsthispractice.Toassistintheirfuturemedicalmanagementwouldyoupleasekindlyforward(tickoption):!Theirclinicalrecords!Anaccuratehealthsummary,withrelevantcorrespondenceandresults!DetailsofanyCDMorPIPitemsclaimedwithinthelast2years(GPMP)
Theserecordscanbeforwardedbymail,fax,encryptedemail(PKI),non-rewriteableCD.Electronicversionshouldbe!HTML !XML
YoursSincerely,
Doctor…………………………………………………………………………………………………………………………………..……….(NameofGP)
Patient’sSignedAuthority
I,…………………………………………………………………………………………………………………………………………..(Patientsfullname)
Of………………………………………………………………………………………………………………………………………………………………….……(Patientscurrentaddressanddateofbirth)
Formerlyof…………………………………………………………………..…………………………………………………………………………………….(Patientsformeraddressifapplicable)
Authorisethereleaseofmy/myfamiliesmedicalrecordstotheforwardedto<InsertClinicName>
Signed……………………………………………………………………………………………………………………..Date………../………./………….