Current as of: 28/4/2023
The Privacy Act 1988 and the Australian Privacy Principles require our practice to have a document that clearly sets out its policies on handling personal information, including health information. This document, called a Privacy Policy, outlines how we handle personal information collected (including health information) and how we protect this information. Our practice has used the privacy policy template available from the RACGP and this has been adapted to reflect how our practice collects and uses personal information. Our privacy policy is displayed in the waiting room and also on the practice information sheet and practice website, and is readily presented to anyone who asks. Our collection of information statement informs patients about how their personal health information will be used, including by other organisations to which the practice usually discloses patient information to, and any law that requires the particular information to be collected. Patient consent to the handling and sharing of personal patient health information is sought and documented early in the process of clinical care, and patients are made aware of the collection statement when giving consent to share health information. According to the Privacy Act 1988 and the Australian Privacy Principles, an organisation may use or disclose personal health information for a purpose (the secondary purpose) which is directly related to the primary purpose of collection without seeking consent, but only if the individual would have a reasonable expectation that the information could be used or disclosed for that secondary purpose.
A directly related secondary purpose for the use and disclosure of personal health information in our practice includes the many activities necessary for the provision of a health service, such as management, funding and monitoring, as well as complaint-handling, planning, evaluation and accreditation activities. It is essential to recognise the importance of ‘reasonable expectation’ as many individuals may be unaware of the range of activities for which their personal health information may be used and disclosed, such as the accreditation processes. Our practice ensures we tell patients how, and for what purpose, personal health information collected about them could be used or disclosed. Patients are advised of this ‘secondary purpose’ in a number of ways, including:
• At the time of the consultation with a general practitioner
• Via the practice privacy statement in the practice information sheet
• Via the practice privacy statement on signage on the walls of the practice, and/or
• By reading, understanding and signing a new patient information form when first registering at the practice, which incorporates the practice privacy statement. It is important we maintain a patient’s right to ‘opt out’ of the secondary purpose through refusal to consent.
If an individual expresses negative views or opposition when made aware of a proposed secondary use or disclosure of their personal health information, this would indicate that they have a reasonable expectation that their personal health information will not be used or disclosed in that manner, and their non-consent is recorded on file. We inform our patients about our practice’s policies regarding the collection and management of their personal health information via:
• A sign at reception
• Brochure(s) in the waiting area
• Our practice information sheet
• New patient information forms
• Verbal means if appropriate, and
• Our practice website.
Our practice privacy policy states:
We require your consent to collect personal information about you and to use the information you
provide in the following ways: –
• Administrative
• Billing
• Disclosure to others involved in your healthcare including treating doctors and specialist
outside this medical practice
• Other doctors within this practice
• De identified for research and quality assurance activities
• To comply with any legislative or regulatory requirements e.g. notifiable diseases
• To use MBS Online Checker before each appointment to allow us to offer opportunistic care
by checking eligibility for Health assessments, chronic disease management and mental health
item numbers.
• For reminder letters which may be sent to you regarding your health.
I consent to the handling of my information by the practice for the purposes set out above:-
Prior to a patient signing consent to the release of their health information, patients are made aware
they can request a full copy of our privacy policy.
Patient consent for the transfer of health information to other providers or agencies involved in the
patient’s healthcare (e.g. treating practitioners and specialists outside the practice) is obtained at
the patient’s first visit to our practice through the New Patient Information Form. Once signed, this
form is scanned into the patient’s health record and its completion is noted.
