This policy primarily addresses the management of “personal health information” in this practice.


Personal health information is defined as information concerning a patient’s health, medical history, or past or present medical care; and which is in a form that enables or could enable the patient to be identified. It includes information about an individual’s express wishes concerning current and future health services.

All GP’s and practice staff will ensure that patients can discuss issues relating to their health, and that the GP can record relevant personal health information, in a setting that provides visual privacy and protects against any conversation being overheard by a third party.

Staff will not enter a consultation room during a consultation without knocking or otherwise communicating with the GP.

Staff, Registrars and Students will not be present during the consultation without the prior permission of the patient.


GP’s will discuss the practice’s privacy policy with patients who are new to this practice, either on their first visit or when it appears that they are continuing with the practice.

New patients will be given our practice information leaflet.

Information provided to the patient will advise that for the purpose of patient care and teaching this practice normally allows access to the patient records by:

  • Other GP’s in this practice
  • GP locums
  • General practice registrars attached to this practice for training.

GP’s will provide the patient with opportunity to limit access to their record and will note any requirements in the “alert” section of their computerised record.

The practice staff, including its GP’s will endeavour to ensure that continuing patients of the practice are informed about the impact of changes to privacy legislation, by bringing relevant materials to the attention of continuing patients.

Access to Records:

The Health Records Act gives consumers a right to ACCESS their personal health record, not a right to physically take them away. The explanatory notes to the Act set out in plainer language the type of access that is available under the Act:

‘Section 28 of the Act specifies the ways in which a right of access may be exercised under this Act. Where the information is collected after commencement of the Act (that is, AFTER 1 July 2002), the right may be exercised by:

  • Inspection of the information;
  • Obtaining a copy (or, with the agreement of the organisation concerned, an accurate summary); and
  • Viewing the information and receiving an explanation if the organisation is a health service provider (or in any other case, with the agreement of the organisation).
  • Where the information is collected before commencement of the Act (that is BEFORE 1 July 2002), the individual is entitled to receive an accurate summary of that information. The other forms of access outlined above are only available with the agreement of the individual and the organisation’No, It can be collected if it is necessary for an organisation’s functions or activities.
  • Compliance means that:
  • Does complying with the Privacy legislation mean that we can only collect information with the person’s consent?
  • You can only collect personal information that is necessary and relevant for a legitimate function or activity
  • When you collect information from and about individuals, we need to be open with them about why it is being collected and to whom it might be disclosed*
  • The information should be handled in accordance with the persons expectations*
  • If, later on, it is to be handled for other purposes that are not in accordance with their expectations, you need to seek their consent to use or disclose it for these other purposes; otherwise, you can seek to rely upon the authority of law or upon one of the public interest exceptions in the Health privacy Principles.
  • *So, medical information being disclosed to a specialist consultant prior to their consultation with the specialist would be within most peoples normal expectations