It is a requirement of your employment that you sign a Confidentiality Agreement.
The legal requirement of confidentiality extends from the Practice Principal to all employees.
Breaches of confidentiality may be verbal, visual or auditory.
This practice considers that the following incidents constitute a breach of confidentiality:
- Discussion of patient condition with the patient by anyone other than qualified medical practitioners who are directly involved in the care of the patient.
- Discussion of patient condition with family, friends or others.
- Discussion of patient condition with other employees where the discussion is not directly applicable to patient care or the employee’s education.
- Leaving patient electronic files open in full view of inappropriate parties.
- Discussing matters pertaining to a patient in a loud or unprofessional manner, in hearing range of others.
PRIVACY AND SECURITY OF PERSONAL HEALTH INFORMATION
This practice is bound by the Commonwealth Privacy Act – Privacy Amendment (Private Sector) Act 2000.
Doctors, allied health practitioners and all other staff and contractors associated with this Practice have a responsibility to maintain the privacy of personal health information and related financial information. The privacy of this information is every patient’s right.
There are no degrees of privacy. All patient information must be considered private and confidential, even that which is seen or heard and therefore is not to be disclosed to family, friends, staff or others without the patient’s approval. Any information given to unauthorised personnel will result in disciplinary action and possible dismissal.
All information received in the course of a consultation between a doctor and the patient is considered personal health information. This information includes medical details, family information, address, employment and other demographic and accounts data obtained via reception. Medical information can include past medical and social history, current health issues and future medical care. It includes the formal medical record whether written or electronic and information held or recorded on any other medium e.g. letter, fax, or electronically.
- Procedure: Care should be taken that the general public cannot see or access computer screens that display information about other individuals. To minimise this risk, automated screen savers should be engaged.
- Whenever sensitive documentation is discarded, the practice uses an appropriate method of destruction e.g. shredding.
- Electronic information is transmitted over the public network in an encrypted format using secure messaging software. Where medical information is sent by post, the use of secure postage is determined on a case by case basis.
- Items for collection or postage are left in a secure area not in view of the public.
- Facsimile, printers and other electronic communication devices in the practice are located in areas that are only accessible to the general practitioners and other authorised staff. Faxing is point to point and will therefore usually be only transmitted to one location. Emails are sent via various nodes and are at risk of being intercepted. Patient information may only be sent via email if it is securely encrypted according to industry and best practice standards.
- Patient Consultations: When consulting, treatment room or administration office doors are closed, staff should, prior to entering, either knock and wait for a response or alternatively contact the relevant person by internal phone or email.
- Computerised Records: The Practice Manager and Natasha Lawrence have designated responsibility for overseeing the maintenance of our computer security and adhere to protocols as outlined in our practice IT policy and procedure manual.
- Our practice has systems in place to protect the privacy, security, quality and integrity of the personal health information held electronically. Appropriate staff members are trained in computer security policies and procedures.
- It is the doctor’s responsibility to ensure that prescription paper, sample medications, medical records and related personal information are kept secure if they leave the room during a consultation or whenever they are not in attendance in their consulting room.
- Patient privacy and security of information is maximised during consultations by closing consulting room doors. All examination couches, including those in the treatment room, have curtains or privacy screens.
- The practice uses a fax disclaimer notice on outgoing faxes that affiliates with the practice: “The information contained in this facsimile is legally privileged and confidential. It is intended for the use of the individual named above. If the receiver is not the intended receiver, the receiver is hereby notified that any dissemination, distribution, publication or copy of this facsimile is prohibited. If received in error, please notify the practice above and arrangements will be made for retrieval or destruction.”
- Incoming patient correspondence and diagnostic results are opened by a designated staff member.
- Reception and other Practice staff should be aware that conversations in the main reception area can often be overheard in the waiting room and as such staff should avoid discussing confidential and sensitive patient information in this area.
- Personal health information should be kept where staff supervision is easily provided and kept out of view and access by the public e.g. not left exposed on the reception desk, in waiting room or other public areas; or left unattended in consulting or treatment rooms.
- The physical medical records (paper or electronic) and related information created and maintained for the continuing management of each patient are the property of this Practice. The Practice ensures the protection of all information contained therein. This information is deemed a personal health record and while the patient does not have ownership of the record he/she has the right to access under the provisions of the Commonwealth Privacy Act. Requests for access to the medical record will be acted upon only if received in written format, and the treating General Practitioner authorises this access.
- The maintenance of privacy requires that any information regarding individual patients, including staff members who may be patients, may not be disclosed either verbally, in writing, in electronic form, by copying either at the Practice or outside it, during or outside work hours, except for strictly authorised use within the patient care context at the Practice or as legally directed.
- ‘Personal health information’ means health information which either specifically identifies the individual or from which their identity can reasonably be ascertained.
- It is important that any personal information about a patient or sensitive information about the practice is properly destroyed; either by shredding or by making sure the information cannot be retrieved by anyone emptying the rubbish bins.
- IF YOU FEEL YOU MAY HAVE INADVERTENTLY VIOLATED PATIENT CONFIDENTIALITY, YOU MUST ADVISE THE PRACTICE PRINCIPAL OR PRACTICE MANAGER AS SOON AS POSSIBLE, EXPLAINING THE POTENTIAL BREACH AND TO WHOM IT WAS MADE.
- “We are unable to confirm or deny that a consultation took place”
- A request for information by a Medical Practitioner, other than the referring doctor, requires patient permission (formal or implied).
- A senior staff member has the responsibility to audit the practice’s Patient Privacy Procedures and any breach of these procedures by an individual will result in disciplinary action.
- Results may not be passed on to the patient, or the patient’s representatives, unless authorised by the referring practitioner, or the practitioner originating the report. No patient records should be faxed or e-mailed without the prior approval of the consulting doctor.