Our practice takes the security of personal health information very seriously indeed. During the course of a normal consultation, our doctors collect information regarding current symptoms and duration, significant past medical and surgical history, current medications, allergies and adverse reactions, smoking, exercise, alcohol and nutrition history and family and occupational history.
The purpose of collecting this information in a consultation is to enable the doctor to provide complete and comprehensive health care to the individual. Doctors, allied health practitioners and all other staff and contractors associated with this Practice have a responsibility to maintain the privacy of personal health information and related financial information. The privacy of this information is every patient’s right. The maintenance of privacy requires that any information regarding individual patients, including staff members who may be patients, may not be disclosed either verbally, in writing, in electronic form, by copying either at the Practice or outside it, during or outside work hours, except for strictly authorised use within the patient care context at the Practice or as legally directed.
There are no degrees of privacy. All patient information must be considered private and confidential, even that which is seen or heard and therefore is not to be disclosed to family, friends, staff or others without the patient’s approval.
Sometimes details about a person’s medical history or other contextual information such as details of an appointment can identify them, even if no name is attached to that information. This is still considered health information and as such it must be protected under the Privacy Act. GP’s in our practice have access to health information in order to best provide comprehensive and complete health care to the individual. Our receptionists have limited access to health information in order to be able to provide doctors specific instructions for example, providing telephone information regarding results. Patients at this practice have the right to access their personal health information (medical record) under legislation. Commonwealth Privacy Amendment (Private Sector) Act 2000.
This principle obliges health service providers and other organisations that hold health information about a person to give them access to their health information on request, subject to certain exceptions and the payment of fees (if any). This practice complies with the law and the National and Health Privacy Principles (NPPs & HPPs) adopted therein. Both Acts give individuals the right to know what information a private sector organisation holds about them, the right to access this information and to also make corrections if they consider data is incorrect. The procedure for patients to gain access to their own health information, is to apply in writing to their usual doctor at the above address.
Patients occasionally require the practice to disclose their personal health information to a third party, for instance, insurance company, worker’s compensation or employer. Our practice requires informed written patient consent prior to the disclosure of any health information. Should a patient wish their health information to be transferred to another medical practice, we require written consent and will be happy to transfer patient health information in the preferred manner of the receiving practice. Our own preferred manner of transfer is encrypted on a USB stick or CD which is then posted by registered post or transferred by the patient. Our practice occasionally does internal audits for the purposes of Quality Assurance.
The use of patient health information for quality assurance, research and professional development is always de-identified. If a patient is unsatisfied in the way the practice handles privacy related matters, they should direct their query to Dr Reza Madah at the above address. In the circumstance that the patient would like to be referred to a specialist or the General Practitioner deems Specialist referral to be in the best interest of the patient, a referral will be provided. This referral will usually contain the full health summary of the patient including past medical history, allergies and medications. The envelope will always be left open in order that the patient can read the referral before passing it on to the specialist. Should the patient not wish to share the information with the specialist, this matter should be discussed with the GP and the patient given the opportunity to have non-essential history deleted from the referral.
Appointuit takes security and privacy very seriously. We understand the sensitive nature of data and aim to keep it that way. Appointuit only deals with appointment related data, we leave alone sensitive medical records, and other personal information. Further to this Appointuit employs the latest 256bit encryption to create a highly secure link between your practice and our cloud servers.
Our cloud servers are protected in their data centres by the latest in intrusion protection, disaster recovery, anti-virus, firewalls and data encryption.