Patients of doctors and medical practices have the right to privacy and confidentiality. Medical practices that break rules regarding privacy may be fined, be held criminally liable, or lose their licenses to operate. Individuals or entities, such as the entire medical practice, may be held liable for these infractions.
The rules that define privacy policies for medical practices are included in the Privacy Act of 1988. However, some states and even other countries will have differing policies, and this is important to note when practicing in other locations or when transferring medical or health information across borders.
Here are some things that you need to know about privacy policies for medical practices in Australia so that you will know how to handle sensitive information about your patients as well as their medical information.
What is APP?
APP stands for Australian Privacy Principles. These are rules that are applicable under any type of business where confidentiality is a must, medical practices included. These principles can be applied under any circumstance and can be adapted regardless of societal or technological changes.
There are thirteen APPs in total and all of them apply for medical practices. According to the Australian Government’s Office of the Australian Information Commissioner website, these principles cover:
- How patients’ personal information is collected, used, and disclosed
- The responsibility of organizations in handling sensitive information
- How personal information must be kept accurate and updated
- How accessible patient information should be for the patients themselves
Getting Patient Consent
Getting patient consent is one of the most important things that doctors should do before doing anything that involves a patient. This includes collecting information, disclosing said information, and performing the actual treatment. This is done usually through informed consent forms.
Informed consent forms indicate that patients have been informed about their health status, that a doctor or health worker will collect information, and what the practice can and will do regarding that information. Informed consent forms are also required when doing treatments and should indicate benefits, risks, and alternatives.
Informed consent forms prove that patients are made aware of the actions that the doctor or health worker will perform and that they have accepted these actions of their own volition. In some cases, though, actual forms are no longer used and consent can be accepted for as long as it is expressly articulated.
In some cases, such as when the patient is a minor, disabled, or otherwise incompetent to make sound decisions, then a substitute representative of the patient such as a parent or guardian can provide the consent.
Also, in cases where the patient does not consent to providing information or to required health care, then it must be properly documented to avoid any complications or potential lawsuits.
In some cases, medical cases can be brought up such as in the discussion with another patient or a colleague. It can also be detailed in print such as for medical journals. This can only be done if the patient is de-identified. Otherwise, it will violate privacy laws.
De-identification is defined as making the patient completely unidentifiable by removing his or her details from the narrative. Take caution, though, as this does not only involve omitting the patient’s name. In most cases, details such as gender, age, or Medicare number must also be removed or destroyed.
De-identification is a process that must be observed when sharing information with those not directly involved with the medical case. This should also be done once medical records are no longer needed but would not be destroyed.
Transfer of Health Records
A medical case may be transferred to another practitioner or medical practice in situations such as the death or inability of the original doctor to handle the case. It can be also due to the medical practice being sold to another entity.
During these instances, it is required by law that the patient provides consent to both parties, namely the old and new practice, to the transfer. This applies also for when a patient’s file would need to be reviewed by another specialist which was referred by the original doctor.
Take note, though, that transferring of health records may be subject to different regulations especially if the destination of said file is to a different state or country. You should check with local laws to ensure that you adhere to the policies and regulations native to the area.
Doctors must take extra care when transmitting information whether through the phone, via email, and even via teleconferencing software as privacy breaches would still be very much possible. As a general rule, sensitive information about health records should not be transmitted online.
It is also very important that system users completely erase the data sent electronically after it has served its purpose. This means that it should be irretrievable using any other means. Doctors should make it a point that, when discussing a case to a colleague, de-identification policies still be set in place.
Exceptions to Disclosure of Information
There are certain instances wherein a violation of doctor-patient confidentiality can be excused. Examples of these include reporting to authorities in case of communicable diseases or wherein criminal acts may be involved.
Doctors may also be asked to divulge sensitive information about a patient or medical case as a witness in legal proceedings. In some cases, the practitioner may also be directly involved in a case such as during a malpractice suit and the medical case must be discussed completely and in detail.
Disclosure of private information in legal proceedings often requires official documentation such as a subpoena or discovery order. Only information relevant to the case must be divulged and the doctor may invoke the right to confidentiality if he feels that the requested information is not relevant to the case.
It is very important for those with medical practices to know Australia’s privacy policies by heart. This is to prevent complications down the line as the violation of these policies is considered a very serious offense and can seriously hurt the practice’s, as well as the doctor’s, reputation and credibility.