Health Records Act 2001 (Vic)

44
Health Records Act 2001 (Vic) Health Privacy it’s my business

description

Health Privacy it’s my business. Health Records Act 2001 (Vic). Key Elements. Right of access to health information in the private sector - Breen v Williams Health privacy principles - applicable to public and private sectors. Context. Implements Government election commitment. - PowerPoint PPT Presentation

Transcript of Health Records Act 2001 (Vic)

Page 1: Health Records Act 2001 (Vic)

Health Records Act 2001 (Vic)

Health Privacyit’s my business

Page 2: Health Records Act 2001 (Vic)

Key Elements

• Right of access to health information in the private sector

- Breen v Williams• Health privacy principles

- applicable to public and private sectors

Page 3: Health Records Act 2001 (Vic)

Context

• Implements Government election commitment.

• A companion to the Information Privacy Act (in force from 1 September 2001). The Information Privacy Act will apply to all personal information (except health information) that is collected or held by –

the Victorian public sector; and organisations funded by the public sector.

Page 4: Health Records Act 2001 (Vic)

Rationale for health specific legislation

• To ensure uniformity of access and privacy standards across the public and private sectors (as consumers frequently move between the two sectors).

• To ensure that standards are tailored to health information – arguably the most sensitive category of personal information - and are not capable of variation through codes of practice (cf Cwlth).

Page 5: Health Records Act 2001 (Vic)

Who is covered by the Act?

The Act covers:• health service providers;• any other person/organisation which collects/handles

personal health information.

Health service providers are subject to additional standards reflecting their special relationship with consumers.

Page 6: Health Records Act 2001 (Vic)

Definition of ‘Health Service’

Encompasses -

• activity to assess, maintain or improve an individual’s health;

• activity to diagnose and treat illness, injury or disability (includes public and private hospitals, registered health practitioners);

• disability, aged or palliative care service (includes physical and intellectual disability services, nursing homes and hostels);

• dispensing of prescriptions (pharmacists).

Page 7: Health Records Act 2001 (Vic)

Information covered by the Act (1)

HEALTH SERVICE PROVIDERS

For health service providers, “health information” means–– all identifying personal information collected to provide a

health service;– medical and other health details plus all other personal

information (financial information, names of relatives etc.)

Page 8: Health Records Act 2001 (Vic)

Information covered by the Act (2)

NON-HEALTH SERVICE PROVIDERS

For other public and private organisations, “health information” means all identifying information about the health or disability of an individual: - medical and treatment details about employees kept by

employers, health status or treatment details of insured persons held by insurers, health status of members held

by gymnasiums etc.It does not cover other personal information such as payroll or bank account details.

Page 9: Health Records Act 2001 (Vic)

Key Element (1): RIGHT OF ACCESS

• The Act gives individuals a right of access to health information about themselves which is held by private sector organisations.

• The FOI Act will continue to give individuals a right of access to health information about themselves held by public sector organisation.

• The Act makes some amendments to the FOI Act to supplement access rights under that Act, and make access rights broadly consistent between the public and private sectors.

Page 10: Health Records Act 2001 (Vic)

RIGHT OF ACCESS: Application

• The right of access applies in full to information collected after the commencement of the Act.

• More limited rights apply in respect of information collected prior to the Act’s commencement.

• This reflects the fact that practitioners and other organisations have compiled records on the understanding that they would not be available to be viewed as of right by consumers.

Page 11: Health Records Act 2001 (Vic)

RIGHT OF ACCESS: Manner• Access to ‘new records’ (created after the Act’s commencement)

can occur by way of • inspection;• provision of a copy or a summary (if the individual agrees); or • an opportunity to view the record accompanied by an

explanation by the health service provider.

• Where the provider agrees, access to ‘old records’ may be granted in one of the forms outlined above. If there is no agreement, the person is entitled to receive an accurate summary of the information.

• There is no right of access to non-factual information in ‘old records’ (such as practitioners’ comments).

Page 12: Health Records Act 2001 (Vic)

RIGHT OF ACCESS: Limits

Access must not be granted where – an organisation believes on reasonable grounds that granting access would pose

a serious threat to the life or health of the person making the request or or any other person; or

the information was given in confidence by another person such as a friend or relative, unless that person consents.

An organisation may refuse access where – this would have an unreasonable impact on the privacy of others; information relates to legal proceedings and the information would not be

discoverable or is subject to legal professional privilege denying access is required or authorised by law; or granting access would prejudice law enforcement by a law enforcement agency.

Page 13: Health Records Act 2001 (Vic)

RIGHT OF ACCESS: Fees

• Reasonable fees can be charged by organisations to recover the costs of providing access.

• No ‘lodgement fee’ may be charged.

• Health service providers can charge their ‘usual consultation fee’ for explaining the contents of records to consumers.

• Fees will be capped by a ceiling fixed by regulations.• http://www.dhs.vic.gov.au/ahs/healthrecords/regs.htm

Page 14: Health Records Act 2001 (Vic)

Draft Maximum Fees (1)AIM: - to allow reasonable cost recovery

- to ensure amount does not unfairly stop a person from requesting access

Access:• Preparing Summary by HSP - up to $80• Inspection - $5 per 15mins for supervision• Reasonable costs for collation & assessing - up to $20• A4 black & white photocopy - 20c per page• Recalling document from another location - $10• Explanation by HSP – usual consultation fee

– based on time taken

Page 15: Health Records Act 2001 (Vic)

Draft Maximum Fees (2)HPP 11: Making information available to another HSP- fees reflect current practice of transferring records between

HSPs to ensure continuity of care

• Provision of summary – up to $80– Only if no accurate summary already exists; and– It takes at least 30 minutes to prepare summary

• Copy of at least 20 A4 black & white pages – 20 cents per page

Page 16: Health Records Act 2001 (Vic)

Key Element (2): Health Privacy Principles (HPPs)

• Based on various privacy principles that apply in Australia and other countries, reflecting worldwide trends.

• Tailored to health information.

• Designed to provide privacy protection, promote consumer autonomy, effective service delivery, continued improvement of health services and protection of public health and safety.

Page 17: Health Records Act 2001 (Vic)

Scope

The eleven HPPs –• govern the life cycle of information;• cover collection, use, disclosure, quality, security and

disposal of information;• are binding.

A contravention of the HPPs is:“an interference with the privacy of an individual” .

Page 18: Health Records Act 2001 (Vic)

HPPs1. Collection2. Use & Disclosure3. Data Quality4. Data Security & Retention5. Openness6. Access & Correction7. Identifiers8. Anonymity9. Transborder Data Flows10. Transfer / closure of practice of health service provider11. Making information available to another health service

provider

Page 19: Health Records Act 2001 (Vic)

HPPs1. Collection

Only collect health information if necessary for the performance of a function or activity and with consent (or if it falls within exceptions to HPP1). Notify those you collect from about what you do with the information and that they can gain access to it.An organisation must collect health information only by lawful and fair means and not in an unreasonably intrusive way.

2. Use & DisclosureOnly use or disclose health information for the primary purpose for which it was collected or a directly related secondary purpose the person would reasonably expect. Otherwise, you generally need consent.

Page 20: Health Records Act 2001 (Vic)

3. Data QualityTake reasonable steps to ensure the health information you hold is accurate, complete, up-to-date and relevant to the functions you perform

4. Data Security & RetentionSafeguard the health information you hold against misuse, loss, unauthorised access and modification. Only destroy or delete health information in accordance with HPP 4 or other relevant law.

5. OpennessDocument clearly expressed policies on your management of health information and make this statement available to anyone who asks for it.

6. Access & CorrectionIndividuals have a right to seek access to their own heath information held in the private sector, and to correct it if it is inaccurate, incomplete, misleading or not up-to-date.

7. IdentifiersOnly assign a number to identify a person if the assignment is reasonably necessary to carry out your functions efficiently. The use of public sector identifiers by the private sector is limited.

Page 21: Health Records Act 2001 (Vic)

8. AnonymityGive individuals the option of entering transactions with you anonymously, wherever this is lawful and practicable.

9. Transborder Data FlowsOnly transfer health information outside Victoria with consent or if the organisation receiving it is subject to laws which are substantially similar to the HPPs.

10. Transfer / closure of practice of health service providerIf you’re a health service provider, and your business practice is being sold, transferred or closed down, without you continuing to provide services, you must give notice of the transfer or closure to past service users.

11. Making information available to another health service providerIf you’re a health service provider, you must make health information relating to the individual available to another health service provider if requested by the individual.

Page 22: Health Records Act 2001 (Vic)

HPPs: Interaction with other legislation

• The HPPs do not override other legislation.

• Existing provisions in other statutes governing the confidentiality, use and disclosure of health information and those that regulate access to certain kinds of personal information (e.g. adoption information) have been preserved.

• Specific statutory provisions will override the general standards in the Health Records Act to the extent of any inconsistency.

Page 23: Health Records Act 2001 (Vic)

Interaction with FOI Act

• HRA contains amendments to the FOI Act, making right of access through FOI consistent with the right of access held in the private sector through the HRA.

• HPP 6 provides the right to access to health information held by the private sector, whereas the FOI Act will continue to apply to the public sector.

Page 24: Health Records Act 2001 (Vic)

Changes to FOI

1. Definitions• New definitions inserted

– ‘health information’– Health Services Commissioner

2. Access• New way to access records: view information and have it

explained• New charges for access to match the way access is given

Page 25: Health Records Act 2001 (Vic)

3. Refusal of access on grounds of risk to individual • Current FOI provision (s33(4)):

– where disclosure of ‘information of a medical or psychiatric nature’ may be ‘prejudicial’ to the person’s ‘physical or mental health or well-being’ agency may direct access be given rather to registered medical practitioner nominated by agency.

• To be replaced by new provision reflecting HRA: – access to ‘health information’ must not be given where there is a

belief on reasonable grounds that giving access would pose a serious threat to the person’s life or health. Also allows the person refused access to nominate a health service provider who can discuss the information with them.

Page 26: Health Records Act 2001 (Vic)

4. Access to conciliation process• Conciliation process of Health Services Commissioner

will be available to a person who believes they have not been given access to their health information in accordance with the FOI Act.

5. Time in which to seek review• A person denied access to health information on the

grounds of a serious threat to their life or health will have 70 days in which to seek review of the decision.

Page 27: Health Records Act 2001 (Vic)

Changes to s.141 Health Services Act

• Confidentiality provision• Remains key confidentiality provision for hospitals and

community health centres• Changes to exceptions:

– allows giving of information by electronic system designed for information sharing between hospitals, subject to safeguards

– adds HPP 2.2(f), (h) and 2.5 as exceptions– adds additional requirement to giving of information for

research purposes

Page 28: Health Records Act 2001 (Vic)

Balancing Rights & Other Interests

• The rights of access to records and privacy conferred by the Act are not, and cannot be, absolute.

• These rights must be balanced against other important public policy considerations.

Page 29: Health Records Act 2001 (Vic)

Eg: Use & disclosure without consent

• As a general principle, consent is required BUT in some circumstances it is not practicable to seek or obtain consent.

• The Act authorises a patient’s information to be used without consent where necessary for the purposes of subsequent safe and effective treatment of the patient by that organisation.

• The Act authorises patient information to be disclosed without consent for the purposes of funding, management, planning, monitoring, improvement or evaluation of health services, subject to safeguards such as the requirement to take reasonable steps to de-identify the information.

Page 30: Health Records Act 2001 (Vic)

Exemptions

Very few exemptions apply. These relate to:

• the judiciary and quasi-judicial bodies when exercising their judicial or quasi judicial functions;

• genuine news activities carried out by organisations whose dominant function is disseminating news;

• information relating to personal, family or household affairs.

Page 31: Health Records Act 2001 (Vic)

Role of theHealth Services Commissioner (HSC)

• Education, sector-based training and information• Handling inquiries from consumers and providers about

their rights and responsibilities• Making statutory guidelines under the Act (s.22)

• some needed pre-commencement: (1) collection, use and disclosure for research; (2) notification to service users on transfer/closure of practice

• other guidelines may follow, depending on need

• Resolving complaints about interference with privacy• Monitoring compliance

Page 32: Health Records Act 2001 (Vic)

HSC Complaints Process

• Emphasises conciliation

• Investigation where conciliation is not adequate

• Informal resolution in the majority of cases

• Commissioner will be able to serve compliance notices where serious breaches occur

• VCAT may make binding orders

Page 33: Health Records Act 2001 (Vic)

Commencement of the ActTWO-PHASE APPROACH

• 1 March 2002 Health Privacy Principles (HPPs) take effect as voluntary standards ONLY.

• 1 July 2002 Health Records Act is fully operational and HPPs become legally binding (eg right of access; right to make complaints about post-1July actions)

AIM: To give organisations reasonable opportunity to practice applying the HPPs on a voluntary basis in the lead-up to 1 July 2002, with no legal consequences from breaching the HPPs.

Encouraged to apply HPPs from 1 March so get to know them.

Page 34: Health Records Act 2001 (Vic)

Access during 1 March-1 July 2002• Can choose to provide access; encouraged to do so free of

charge.

• If subject to Cwlth Privacy law or other laws that require access to be granted, must comply with those laws.

• If not subject to Cwlth Privacy law or other laws, AND choose to provide access under HPP6 AND to charge a reasonable fee, can look to current draft regulations for guidance; need to make clear to person requesting access that access is being provided by private arrangement, with no right to enforce access under HRA.

Page 35: Health Records Act 2001 (Vic)

Key Matters for Health Service Providers

• Access (private sector)• Legislative standards for health information

handling • Potential new role as ‘nominated health service

provider’

HPPs are built on existing best practice.

Page 36: Health Records Act 2001 (Vic)

“Nominated health service provider” (1)Second opinion about ‘serious threat’

Situation• Individual is refused access to health information on grounds

that granting access would pose serious threat to their life or health.

• Refusing organisation may offer to discuss the information, or arrange for a HSP to do so.

• If no offer to discuss, or offer not accepted, person refused access may nominate another HSP (“nominated HSP”) to assess grounds for refusal.

• “Nominated HSP” must consent.

Page 37: Health Records Act 2001 (Vic)

“Nominated health service provider” (2)Functions:1. Notify individual that NHSP will discuss reasons for refusal with the

organisation refusing access.2. Contact organisation to discuss the nature of its concerns.3. Form an opinion on the validity or otherwise of the decision.4. Explain grounds for the refusal to the individual, if appropriate.5. Discuss content of the health information with the individual, if appropriate.6. If satisfied access would not constitute a serious threat, allow inspection of

information, and provide copy if the organisation holding the information agrees.

7. If not satisfied, decline to allow the individual access. * Can charge a fee (maximum to be set by regulation).

Page 38: Health Records Act 2001 (Vic)

HPP 10Transfer / closure of practice of health service

provider• Where practice is sold or closed down & health service provider

is not providing health services in the new practice.• Provider must put a notice in newspaper stating:

– business is to be sold, transferred or closed down; and– what is going to happen to health information, whether to be

kept or made available for transfer to another provider.• Provider must take other steps to notify individuals as specified in

guidelines issued by Health Services Commissioner.

Page 39: Health Records Act 2001 (Vic)

HPP 11Making information available to another

health service provider

• Gives individuals the right to have health information held by a health service provider made available to another health service provider.

• No grounds to refuse request.• Fees can be set by regulation.

Page 40: Health Records Act 2001 (Vic)

New Commonwealth Law

• Establishes ten National Privacy Principles (NPPs)

• Covers much of the private sector - health service providers (from 21 December 2001)- businesses with a turnover of $3m or more (from 21 December 2001)- small businesses can opt-in (effective 21 December 2002)

• Codes can replace NPPs- based on principle of co-regulation- must meet minimum standard (at least equivalent to NPPs)- must be approved by the Cwlth Privacy Commissioner- can include own complaints handling procedure

Privacy Amendment (Private Sector) Act 2000

Page 41: Health Records Act 2001 (Vic)

HRA & Cwlth Act (1)

• Cwlth operates in conjunction with other Acts- Cwlth Act specifically states that it does not affect the operation of a State law concerning collection,etc of personal information and “is capable of operating concurrently with this Act.”

• Similarities egs- NPPs and HPPs cover similar ground; HPPs more health focussed.- Higher standards for health service providers:

- all personal information collected in the course of providing a health service is ‘health information’.

Page 42: Health Records Act 2001 (Vic)

HRA & Cwlth Act (2)Differences egs• HRA:- ‘health information’ specific;

- more comprehensive and directive: eg specific provisions dealing with access (Part 5);HPPs 10 & 11; consent (s 85);

- no alternative industry codes;- wider definition of ‘health information’ (eg

includes genetic information)l- maximum fees set by regulation (Cwlth does not set

fees, but any fees must not be ‘excessive’).• Access to ‘old’ records:

Cwlth allows access if information in old records is used/disclosed after start of Act, UNLESS providing such access would be an unreasonable administrative burden on the organisation OR cause it unreasonable expense.

Page 43: Health Records Act 2001 (Vic)

HRA & Cwlth Act (3)Other Differences

   Covered by

Health Records Act?Covered by Cwlth Act?

Employee records YES 

Directly related to current/former employees - NO

Non-health service provider small businesses

YES

NO

Deceased persons YES (30 yrs or less) No mention

Information given in confidence by a third party

Exempt from access No specific exemption

MPs & political parties YES NO

Page 44: Health Records Act 2001 (Vic)

Level 30, 570 Bourke Street, MelbourneTel: 03 8601 5222Email: [email protected] website: www.health.vic.gov.au/hsc

Other information:DHS website: www.dhs.vic.gov.au/privacyDHS Booklet: “Communicating with Consumers, Good Practice

Guide to Providing Information”http://hna.ffh.vic.gov.au/ahs/quality/conpart.htm

Health Services CommissionerContact Details