The following information should enable the ARM member to comply with the amended Commonwealth Privacy Act 1988 which was enacted on 21st December 2001. This Act affects all persons and organizations that, in the course of their operations, assemble and file an individual’s personal information.
This information has been collected and assembled for use by ARM members and has been designed to allow ARM members to obtain and file clients’ personal information, including health information, in a responsible manner which will conform to the National Privacy Principles (NPPs) as set out the Act.
Included in this information is an overview of the Act together with an explanation of the 10 National Privacy Principles (NPPs) and how they affect you.
It must also be remembered that the provisions contained in the Privacy Act apply not only to the health practitioner but also all staff who handle an individual’s health information.
Each State has their own enacted or pending Privacy Act, based mainly on the Commonwealth Privacy Act.
This information must be considered as only a guide to the Privacy Act 1988 and is not intended to be representative of a legal document.
It is recommended that all members familiarise themselves with the Act current in their State to ensure they comply with the legislation.
Further information is available from the Office of the Privacy Commissioner’s website at: www.privacy.gov.au.
This site will direct you to the Privacy Acts of all Australian States.
The following statutory requirements apply:
Privacy Act 1988 (Commonwealth)
Privacy and Personal Information Protection Act 1998 (NSW)
Health Records and Information Privacy Act 2002 (NSW)
Privacy NSW,
Office of NSW Privacy Commissioner,
PO Box A123, Sydney South, NSW, 1235,
02 9268 5588
www.lawlink.nsw.gov.au/privacynsw
Privacy Act
The Privacy Act 1988 (Commonwealth), which applied previously to the public sector, has been extended to apply to all providers of health services effective 21 December 2001 (“The Privacy Amendment, Private Sector, Act 2000”).
The amending Act prescribes ten National Privacy Principles (“NPP”) which relate to data collection, confidentiality and security.
Practitioners will note that the NPPs canvass and regulate a wide range of information collection and handling practice; in particular, obtaining informed consent of a patient to the collection of health information, the security and storage of such information, and patient access to their information.
While it is unlikely in a practical sense that the Act will require any significant change in the provider/patient relationship, administrative and procedural adjustments will need to be effected within Practices.
A provider will now need to collect health information from patients only to the extent necessary to adequately provide the requisite health service. The patient’s consent will be required to collection of the information.
Once the information is collected by the Practice, any disclosure to external parties such as other health providers will ordinarily require the consent of the patient.
Practitioners will be required to put in place an access regime where a patient requests access to their health records. There are some exceptions to the right of access where, for example, access would pose a serious threat to anyone’s life or health or have an unreasonable impact on someone else’s privacy.
Practitioners may be confronted with difficult situations where the parent, or guardian of a patient under the age of eighteen years, requests health information in respect of the child, and the child does not consent to the release of information.
Where access to information is requested, the Practice is entitled to make a reasonable charge for copying and administrative or professional time required to give effect to the access request.
Practices should set in place policies and procedures such that no information is inadvertently or unlawfully disclosed. Staff members should be made aware of the obligations of confidentiality. Office practice should be such that no staff member releases any information to any third party, whether a health provider or otherwise, without the prior consent of the patient.
Reception areas, waiting rooms and consulting rooms should be set out in such a way that any health information in respect of one patient is not inadvertently disclosed to other patients or persons.
THE NATIONAL PRIVACY PRINCIPLES
NPP 1: Collection and NPP 10: Sensitive Information:
Set out providers’ obligations when collecting health information from patients. These include collecting health information only with consent and collecting only the information necessary to provide the service.
Only collect information necessary to deliver the health care service and collect lawfully and not intrusively. You must also obtain the patient’s consent to collect this information explaining why you need the information, how it will be used and to whom it may be given.
The information included in this Journal contains an example of a Consent Statement, which can either be used separately, or could be included in the “Patient Information Form”.
NPP 2: Use and Disclosure:
Sets out how health information, once collected, can be used within the organization or disclosed to third parties outside the organization.
Information collected should only be used for the primary purpose, or for directly related secondary purposes, if the patient would reasonably expect this disclosure i.e. directly related to the patient’s health care. This may at times require sharing this information with other health care providers.
In addition there may be circumstances where information has to be disclosed without patient consent such as some emergency situations, by law e.g. mandatory reporting etc, to fulfil a Professional Indemnity Insurance obligation and provision of information to third party payors for billing and rebate purposes.
The information included in this Journal contains an example of a “Disclosure Register” which should be used for recording disclosures made to others required under or authorised by the law without the consent of the patient.
NPP 3: Data Quality and NPP 4: Data Security:
Set standards for keeping information up-to-date, accurate and complete, as well as for protecting and securing it from loss, misuse and unauthorised access.
All patient information must be maintained in a form that is accurate, complete and up to date and to store this information in a secure manner that protects the patient’s privacy. The access by unauthorised persons must be considered at all times.
Examples of security breaches would include, patient files being left on a desk where unauthorised persons can access the files, computer screens containing patient information being in view of others, discussing a patient’s health information on the telephone in hearing of other patients etc.
Included in this Journal is an example of a “Staff Confidentiality Agreement” which should be signed by each staff member, to acknowledge that they have read and understand the requirements of the Privacy Act.
NPP 5: Openness:
Requires providers to be open about how they handle health information, including the need to develop a document (such as a privacy policy) to clearly explain how they handle health information.
Patients need to be informed that your clinic adheres to the provisions of the Privacy Act 1988. The information included in this Journal contains a notice which should be displayed in a prominent position in your rooms, and which alerts your patients to the fact that your clinic adheres to the National Privacy Principles of the Commonwealth privacy legislation.
Also contained in this Journal is an example of a Privacy Policy Statement, which must be made available to your patients on request.
NPP 6: Access and Correction:
Gives patients a general right of access to their own health records, and a right to have information corrected, if it is inaccurate, incomplete or out of date.
In general terms patients have the right to access their personal information and correct any incorrect or incomplete information.
This applies to all information gathered on or after the 21st December 2001 and any information collected before that date which is referred to or used after that date.
For example if a patient consulted you for a particularly condition on the 1st June 2001 and received treatment for the same condition, or a related condition after the 21st December 2001, they would be entitled to access their health information from the 1st June 2001 onwards as long as it related to the ongoing condition.
Patients do not have to make their request for access in writing or give reasons for wanting to access their information. However, it may be necessary to clarify the scope of the request as patients may not necessarily require a copy of their entire file but only want access to certain records.
The request for access should be noted on the patient’s file and a charge may be levied for the copying of patient files.
There are some circumstances where access to personal health information is restricted and in these cases the reasons for denying access should be explained.
Such circumstances would include situations where the release of the information would pose a serious threat risk to a person’s health or life, or it would have an unreasonable impact on someone else’s privacy, and the request is considered frivolous or vexatious.
The rights of children to privacy must also be considered. Based on the professional judgement of the practitioner and consistent with law, it might at times be necessary to restrict access to personal health information by parents or guardians.
The information included in this Journal contains an example of a “Patient Access Form” which can be used to record details of a patient’s access to their health information.
NPP 7: Identifiers:
Limits the use of Commonwealth government identifiers (such as the Medicate number or the Veterans Affairs number) by providers to the purposes for which they were issued.
At present the health provider is not permitted to use these identifiers for their own record keeping systems, and they must only be used or disclosed for the reasons they were issued.
NPP 8: Anonymity:
Where lawful and practicable, patients must have the option of using health services without identifying themselves.
NPP 9: Transborder data flows:
Sets out obligations for providers regarding the transfer of health information interstate and out of Australia.
Complaints:
an “Incident Record” which should be used when a complaint is made by a patient regarding the handling of their personal information.
| Attachment | Size |
|---|---|
| Incident Record - Disclosure Record.pdf | 10.93 KB |
After four years in New York
After four years in New York City, Obama moved to Chicago, where he was hired as director of the Developing Communities Project (DCP), a domain name registration church-based community organization originally comprising eight Catholic parishes in Greater Roseland (Roseland, West Pullman and Riverdale) on Chicago's far South Side. He worked there as a community organizer from June 1985 to May 1988.[24][26] During his three years as the DCP's director, its staff web site development grew from one to thirteen and its annual budget grew from $70,000 to $400,000. He helped set up a job training program, a college preparatory tutoring program, and a tenants' rights organization in Altgeld Gardens.Obama also worked as a consultant and instructor for the Gamaliel Foundation, a community organizing institute.In mid-1988, he traveled for the first time in Europe for three weeks and then for five weeks in Kenya, where he met many of his paternal relatives for the first time.He returned in August 2006 in a visit to his father's birthplace, a village near Kisumu in rural western search engine optimization Kenya.Obama was a founding member of the board of directors of Public Allies in 1992, resigning before his wife, Michelle, became the founding executive director of Public Allies Chicago in early 1993. He served from 1994 to 2002 on the board of directors of the Woods Fund of Chicago, which in 1985 had been the first foundation to fund the Developing Communities Project, and also from 1994 to 2002 on the board of directors of the Joyce Foundation.Obama served on the board of directors of the Chicago Annenberg Challenge from 1995 to 2002, as founding president and chairman of the board of directors from 1995 to 1999.[24] He also served on the board of directors of the Chicago Lawyers' best web hosting Committee for Civil Rights Under Law, the Center for Neighborhood Technology, and the Lugenia Burns Hope Center.