Rozelle Total Health is committed to providing quality health care for its patients. As a fundamental part of this commitment, principals, staff and practitioners of the practice recognise the importance of ensuring that our patients are fully informed and involved in their health care.
Rozelle Total Health is, as a NSW health provider in the private sector, bound by the Health Records and Information Privacy Act of 2002 (NSW) and the Privacy Act (1988 CTH). This includes the Australian Privacy Principles and the NSW Health Privacy Principles. These principles set the standards by which we handle personal information collected from our patients. A copy of both sets of Principles is available for inspection at the reception desk.
As part of our commitment to providing quality health care it is necessary for us to maintain files pertaining to your health. These files contain the following types of information:
- Personal details, including your name, address, date of birth, Medicare No, phone numbers, cultural background, next of kin;
- Your medical history at this practice;
- Notes made during the course of consultations;
- Notes made during day to day administration of your file;
- Referrals to other health providers;
- Results and reports received from other health providers.
- Records of billing and accounts/HIC
The information held about you is provided by you or arises as a consequence of the information provided by you.
Your medical file is handled with the utmost respect for your privacy. The file will be accessed by your medical practitioner, and when necessary other practitioners in this practice, including Allied Health professionals, where you have been referred to them. It may also be necessary for our staff to handle your file from time to time to address the administrative requirements of running a medical practice. Our staff and practitioners are bound by strict confidentiality requirements as a condition of employment or a condition of licence, and these requirements will be observed if it is necessary for them to view your records.
At times, to ensure the function of our practice, it may be necessary to allow external organisations, such as accreditation assessors, to access and potentially view medical records. Any external organisation that provides service or advice to this practice will be aware of the need to preserve the requirement of state and federal privacy legislation, and will be bound by a confidentiality agreement.
This practice does not intend to disclose your personal information to overseas recipients.
Ordinarily we will not release the contents of your medical file without your consent. However, we advise that there may be occasions where we will be required to release the details of your file irrespective of whether your consent to the disclosure of the information is given. This can occur if we receive a subpoena to produce records by a court or legal representative.
We advise that as a patient of this practice you have rights of access to any information we hold concerning you. Should you wish to access this information, please refer to the information at the end of our policy – “Accessing Your Medical Record”.
As part of our commitment to preserving the confidentiality of the information contained in your medical record we advise that strict secure storage policies – in accordance with AGPAL Accreditation standards, are observed in this practice. All reasonable steps are taken to prevent any unlawful interference with your electronic records. A full list of our data security procedures is listed below- “RTH Data Security Procedures”. Each member of staff is well versed in the principles and importance of practitioner- patient confidentiality.
Making a Complaint
Should you, at any time, have a query or a complaint in relation to the privacy policies in place at this practice please contact the Practice Manager on 02 9087 4600, who will be happy to address any concerns you may have. We advise that it is the practice’s policy that any complaint is required to be in writing and addressed to the Practice Manager at the practice address or email. It should be marked private and confidential. We advise that we will make our best endeavor to address the complaint within 30 days of receipt of your complaint.
Should you be unsatisfied with the response to your privacy complaint, you may lodge a written complaint to the NSW Privacy Commissioner or the Office of the Australian Information Commissioner.
Rozelle Total Health Privacy Protection Strategies
We have a high reception counter to reduce the chance of patient information being seen by other patients, which is in a room with a door and access is controlled
We encourage patients to wait in the waiting room, to minimise accidental eavesdropping and provide “white noise” to mask conversations.
Our staff are trained not to use full names of patients if at all possible.
Mail is opened away from the front counter and all paper documents are held behind doors and supervised by staff at all times.
All paper records are shredded to Accreditation Standards.
All staff sign a confidentiality and access agreement before commencement.
Staff will not disclose any clinical information unless instructed by a doctor. At times, third parties may require confirmation of details (Medicare No etc). If this information is available to non-clinical staff and our staff member is satisfied the third party is legitimate, we may confer this information.
server is only accessible by a strong password which is changed every 6 months.
medical software is only accessible with another individual unique password.
computers have screen savers that lock the computer after 10 minutes of no use.
all computers that contain access to medical software are kept in supervised areas.
all computers are password protected and log-ins are regularly changed. Any staff member leaving the practice has their password deleted.
back ups are encrypted and stored on site in a fire proof safe. Monthly and annual backups are encrypted and stored off site in a secure environment.
server is protected by state of the art fire walls.
data is not stored in the cloud, nor with an external third party or overseas provider.
Emails which are sent via the internet from RTH, will carry no personal information, except your name and if addressed to you, your email address.
Rozelle Total Health does provide de-identified data to government agencies for research and training.
Assumed Consent. By becoming a patient, Rozelle Total Health assumes that you consent to our collection and storage of your personal information, for the purpose of your healthcare. We will display our “Consent to Collection of Personal Information Statement” and publish it on our website along with this policy. Our Patient demographic update, and New Patient forms, seek your consent to collect and store your personal information.
We operate a computerised Recall and Reminder system for general and specific recalls. If you do not wish to participate, please speak to your practitioner.
We do not collect unsolicited information, and if we do receive it, we will destroy it.
We may from time to time send you general interest information via an electronic mail out. If you do not wish to receive it, please use the unsubscribe button, or contact reception directly.
In the event of a privacy breach, we will take whatever steps we deem necessary to secure the information. In the event that is lost, we will inform the patient and the Privacy Commissioner of the breach and advise of the remedial steps we have taken.
This policy is reviewed every two years.
Accessing your Medical Record
As per NSW and Australian Government legislation, patients have right of access to health information held about them by this practice.
Accessing your health information may be as simple as requesting a copy of your latest pathology results from your medical practitioner during the course of a consultation or electronic request.
However, more often than not accessing your health information will involve far more work for our staff. We advise that the following procedure has been developed to ensure that all requests for access are dealt with as fairly and efficiently as possible.
All requests for access are required to be made in writing and addressed to the attention of
The Privacy Officer
Rozelle Total Health
579 Darling St
Rozelle NSW 2039.
Request for access will be acknowledged in writing within 14 days of receiving the request.
Applicants will be required to clearly state, who they require to access the record, and if different from the applicant, consent to access the information. They must also state their full name, current address, date of birth and Medicare no.
Please note that the contents of your records may not be removed from the practice. However copies of the records will be made available as soon as practical following the inspection if required.
In some circumstances, access may be denied at the practitioner’s discretion. If the patient wishes to take the issue further, they should contact the Privacy Commissioner
No Medicare rebate is available for any fees incurred in the provision of access or copies of the record.
Rozelle Total Health Consent to Collection of Personal Information
Collection of Personal Information, Privacy Act 1988 (Cth) and HRIP Act 2002 (NSW)
This medical practice collects information from you for the primary purpose of providing quality health care. We require you to provide us with your personal details and a full medical history so that we may properly assist, diagnose and treat illnesses and be pro-active in your health care. We will also use the information you provide in the following ways:
Administration purposes in running our practice
Billing purposes, including compliance with Medicare, and Health Insurance Commission requirements
Disclosure to others involved in your health care, including all practitioners in this practice, and treating doctors and specialists inside and outside this practice
Any other practitioner in this practice for the purpose of teaching, unless you specifically refuse at the point of consultation. (Your practitioner will seek your consent for a student to witness a consult or procedure).
Disclosure for research and quality assurance activities to improve individual and community health care and practice management. You will be informed when such activities are being conducted and given the opportunity to opt-out of any involvement.
When required by law under the Public Health Act (2010) for Notifiable Diseases
Patients should also understand that they are not obliged to provide any information requested, but that failure to do so, may compromise the quality of the health care treatment given to you.
RTH does not under the normal course of business, disclose personal information to jurisdictions not governed by Australian law.
Patients have a right to access information held, however the notes on file are the property of the authouring practitioner and a copy is held by the practice. Practitioners may refuse a patient access of their notes if the practitioner believes such access is not in the best interest of the patient. In these circumstances the practitioner will provide an explanation, either during a consult, or written letter.
Any costs involved in providing the access to notes, may incur reasonable out of pocket expenses claimed by the practitioner or the practice. These fees are not covered by a Medicare rebate.
The patient consents to the handling of their personal information, by this practice for the purposes outlined above, and if any limitations on the information are required, they will discuss it with the practitioner directly.
Privacy Officer June 2016 To be reviewed: June 2018