Note: The template should not be copied word for word, but should instead be used as a template customised to your practice.
Privacy and confidentiality are basic rights in our society. Safeguarding those rights with respect to an individual’s personal health information is our ethical and legal obligation as healthcare providers and workers, although doing so in today’s healthcare environment is increasingly challenging.
If you breach your patient’s privacy in any of the ways we cover in this video, you may open yourself up to litigation, complaints and other significant penalties. There is a civil penalty of up to $107 million for corporations (the owners of your practice), but as an individual staff member you are also liable for up to $340,000 if you are deemed responsible for a breach. A data breach occurs when personal information held by an organisation is lost, or subjected to unauthorised access, modification, disclosure or other misuse or interference.
Guidelines on the Australian policy principles will assist general practices to meet their legal obligations in relation to the collection, use and disclosure of that health information.
- The kinds of personal information the entity collects and holds
- How the entity collects and holds such personal information
- The purpose for which the entity collects, holds, uses and discloses information
- How an individual may access their own personal information held by the entity and seek the correction of such information
- How an individual may complain about a breach of the APPs or a registered APP code
- How the entity will deal with such a complaint
- Whether the entity is likely to disclose practice information to overseas recipients
- If the entity is likely to disclose personal information to overseas recipients, we must name the countries in which such recipients are likely to be located if it is practicable to specify those countries in the policy
What to include in your collection statement
Practices must also have in place a collection statement, which contains prescribed information, including:
- Identifying the practice and how to contact it (phone, email, postal address, fax, etc.)
- The fact that information is collected
- The circumstances in which information is collected
- The fact that patients can access their own health information
- The purpose for which the information is collected
- Other organisations to which your practice usually discloses patient health information
- Any law that requires the particular information to be collected
- The main consequence for the individual if important health information is not provided
If you have any questions please email: firstname.lastname@example.org
Founder/CEO, Pro Mentor Coaching
June Hannan has over 30 years’ experience in the health industry and is the CEO of Pro Mentor Coaching, which mentors and trains general practices on the best decisions concerning business challenges and opportunities. She is also Vice President of AAPM Queensland Committee, Chair of the north Queensland Regional Advisory Committee for AIM, and has owned and operated two independent optical practices.