Aged Care GP complies with the Australian Privacy principles (APP's) under the commonwealth Privacy Act 1988 (the privacy Act) when handling personal information.
This policy sets out how Aged Care GP collects, uses and discloses a patient's health information, in the course of providing the patient with a health service. This includes when disclosing information to other members of an individual's treating team, as well as when providing care in a holistic manner.
What is health information?
Briefly, the Privacy Act applies to all "personal information" which is information about an individual whose identity is apparent, or can reasonably ascertained. "Sensitive information' is a sub-category of personal information, and it includes "health information". Any personal information held at Aged Care GP is generally health information under the Privacy Act.
What personal information do we collect?
The information we will collect about you includes:
- Names, date of birth, addresses, contact details
- Medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors
- Medicare number (where available) for identification and claiming purposes
- Healthcare identifiers
- Health fund details
How do we collect your personal information?
Our practice will collect your personal information:
- When you first register with our practice
- During the course of providing medical services, we may collect further personal information
- We may also collect your personal information when you visit our website, send us an email or SMS, telephone us, or communicate with us using social media
In some circumstances personal information may also be collected from other sources. Often this is because it is not practical or reasonable to collect it from you directly.
This may include information from:
- Your guardian or responsible person
- Other involved healthcare providers, such as specialists, allied health professionals, hospitals, community health services and pathology and diagnostic imaging services
- Your health fund, Medicare, or the Department of Veterans’ Affairs (as necessary)
What is "use" and what is "disclosure"?
In general terms, the use of health information refers to the handling of health information within Aged Care GP. Disclosure of health information involves the release of that information to someone outside the Practice, other than the individual whom the information is about.
Generally, health information, can only be used or disclosed:
- For the main reason that we collected it (the primary purpose); or
- For another, directly related purpose (including other healthcare purposes) that the individual would reasonably expect; or
- With the patient's consent.
Providers should be confident about their use or disclosure of health information where there is a clear, shared understanding with their patient about such matters such as:
- The reasons that personal information is being collected
- The circumstances when it may be used and disclosed
- To whom disclosures are likely to occur in the course of assessment, treatment or referral.
This criteria does not apply in circumstances where disclosing the information would lessen a serious and imminent threat to someone's life or health.
APP permits health information to be used or disclosed for the primary purpose for which it was collected, without seeking the patient’s consent. Importantly though, the Privacy Act does require that individuals are told how their information will be handled.
Use and disclosure for directly related secondary purposes
Secondary purposes for using and disclosing health information may either be"directly" related to the primary purpose that the information was collected, or not directly related.
For Aged Care GP, directly related purposes generally include those, which involve providing treatment or care, including for health and wellbeing outside of the primary purpose. A provider can use or disclose a patient's health information for directly related secondary purposes, if the patient would reasonably expect the use or disclosure.
Other directly related purposes include the following activities or processes necessary to the functioning of the Practice.
Providing an individual with further information about treatment options:
- Billing or debt recovery (with care and discretion, consistent with confidentiality)
- Management, funding, complaint-handling, planning, evaluation and accreditation activities
- Disclosure to a medical expert (only for medico-legal opinion), an insurer, a medical defence organisation, or a lawyer, solely for the purpose of addressing liability indemnity arrangements (such as reporting as adverse incident), or for the defence of anticipated or existing legal proceedings
- Quality assurance or clinical audit activities, where they evaluate and seek to improve the delivery of a particular treatment or service
- Disclosure to a clinical supervisor by a psychologist
- External IT support providers under a documented service agreement
- On a rare occasion, personal Information may be disclosed overseas partners. Aged Care GP has taken reasonable steps to ensure the recipient does not breach the Australian Privacy Principles in relation to that information. Personal Information will not be disclosed to overseas recipients for any other reason without your express consent.
Giving notice to patients about the reason for collection
The Privacy Act requires that we give notice to patients about certain matters when we first collect health information. These matters include why the information is being collected, how it may be used and to whom it may be disclosed.
This collection notice lays the groundwork for a shared understanding between Aged Care GP and the patient as to how the patient's health information may be handled. This is important to determining the scope for later uses or disclosures of that information.
A patient's consent is copied on the reverse of the patient registration form, and it's signed by the patient upon registering with the Practice. This record is scanned to the patient's file.
Disclosures in special circumstances
There are limited exemptions under APP, which permit Aged Care GP to disclose a patient's information without consent, even if the patient would not reasonably expect the disclosure.
This includes where using or disclosing the information would lessen or prevent a serious and imminent threat to a person's life, health and safety. For example, where a life-threatening condition is discovered while a patient is unconscious, and consent to use or share this information is not possible.
APP also permits disclosures to a person who is responsible for an individual with a decision-making disability such as a parent, for treatment reasons or compassionate reasons.