Invivo Home Switching is Easy

 

Privacy Legislation - Are You Complying?

Confused about your obligations under privacy legislation? The following are summaries of some recent cases that have gone before the Privacy Commissioner. As with any new legislation, it is helpful to see how it is being interpreted in practice. Invivo is happy to review compliance for our insured doctors.

Background

On 21 December 2001, the Privacy Amendment (Private Sector) Act 2000 came into effect. This legislation covered all health service providers and contained ten (10) National Privacy Principles (NPPs), which set the standard for the protection of personal information. The Act balanced patient protection with the legitimate need for health service providers to share information in order to provide quality health care. It recognised the sensitive nature of health information and defined how information should be gathered, handled, accessed and stored. Any breaches of the Principles could be referred to the Privacy Commissioner for resolution.

The changes have had major repercussions for medical practices. For many clinicians, the most significant change is the obligation to provide patients access to their medical records. There are a limited number of criteria under which access can be denied and the threshold is very high. Data storage and security plus an in-house privacy policy and complaint handling process are other new requirements. Over the last six years, the changes have largely been absorbed into practice systems and should provide few problems in the day-to-day running of a practice.

Information regarding the Act and further details of the workings of the Privacy Commissioner, can be found on the website www.privacy.gov.au. In addition to the Commonwealth legislation, NSW, Victoria and the ACT have health record and information legislation. Doctors residing in these states are required to comply with all relevant legislation.

What Happens If There Is a Complaint?

Complaints that are not resolved by the parties can be referred to the Privacy Commissioner. Details of all complaints considered by the Commissioner are published on the website. On average, twenty-two matters from all areas of business are considered each year. Of these, over the last four years, only 4 or 18% have been health related. Given the huge number of doctor/patient interactions, the number of these resulting is miniscule.

So What Sorts of Cases Go to the Commissioner?

Example 1 - Surgeon receives a request for records

A patient sought a copy of their medical record from a surgeon. The request was refused on the grounds that it was the practice's policy not to provide a copy. A further request was made and the surgeon acceded to the patient's request, provided a staff member was present. The patient contacted the Privacy Commissioner, complaining that the doctor would not provide a copy of the medical records.

NPP 6 provides that individuals may access personal information that an organisation holds about them unless certain exemptions apply. The type of access is not specified in the legislation. The surgeon claimed an exemption on the grounds that he had offered to provide the patient's information to another surgeon. He also stated that the patient would not be able to interpret the notes and would misunderstand the record. The Commissioner advised the surgeon that access should generally be provided in the form requested by the individual. The Commissioner did not consider that the surgeon had provided satisfactory reasons for not providing the record as requested.

The surgeon agreed to provide a copy of the record but indicated that he did not want to release copies of consent forms, quote sheets and registration pages, stating that they were commercially sensitive. The patient accepted copies of the clinical content after paying an appropriate administration fee. As the patient was satisfied with the outcome, the Commissioner was not required to rule on the withheld material. The Commissioner was satisfied that the surgeon had sufficiently addressed the complaint and closed the matter.

Example 2 - Medical Centre Receives Separate Rulings on Separate Documents

A patient sought two documents held by a medical centre. The medical centre denied access to the first document arguing that doing so would pose a risk to the patient's health. The second document was withheld on the grounds that it would impact on the privacy of another individual.

The complaint was reviewed under the exemption clauses of NPP 6. To assess the first exemption (NPP 6.1(b)), the document was referred to psychiatrist arranged through the RANZCP. The patient consented to this review. The consultant believed that the document's release posed no threat to the patient's health. Consequently, the medical centre agreed to provide the patient with the first document.

The second item was a letter provided to the medical centre by a family member. The family member had specifically requested that the letter not be released to the patient. The content was of a sensitive nature and the disclosure would have serious consequences for the writer and family members. The Commissioner found the medical centre exempt under NPP 6.1(c), and that it need not release the letter.

Example 3- Medical Practitioner's Photograph of Patient in Dispute

A doctor took a photograph of the patient as part of the patient's medical record. The patient regarded this as an unnecessary collection of personal information. The patient discussed their concerns with the medical practitioner. As nothing was done to rectify the situation, the patient wrote to the Commissioner.

This complaint was considered firstly under NPP 1.1, under which an organization must not collect personal information unless it is necessary for one or more of its functions or activities. Secondly, under NPP 10.1, an organization must not collect sensitive information about an individual unless certain conditions are met, including obtaining the individual's consent.

The medical practitioner conceded that it was not necessary to record a digital photograph to provide health care in this case. The patient and the medical practitioner disagreed regarding whether consent had been obtained. Consequently, it was difficult to determine whether NPP 10.1(a) could be relied upon. As a result of the complaint, the medical practitioner removed the patient's photograph from the file and discontinued the practice of taking patient photographs.

For more detail on the above, please refer to the website: http://www.privacy.gov.au/act/casenotes/index.html#comdet

Conclusion

These cases, though small in number, serve as a reminder of the requirements of the legislation. If you have any queries regarding the release of records or denying a patient access, it is wise to seek advice from your indemnity provider. As part of our service, Invivo is happy to provide insured doctors with a privacy systems review on request. We will review your existing systems and provide guidance on complying with the legislation.

Please call 1 800 103 779 to arrange an appointment.

Penny Johnston
Loss Prevention - Invivo

Your Liability for the Actions of Staff - "Vicarious Liability"

As an employer, you are liable for the actions of others assisting you in the delivery of your professional services..

More Info

 

Privacy Legislation - Are You Complying?

Confused about your obligations under privacy legislation? The following are summaries of some recent cases that have gone before the Privacy Commissioner.

More Info

 

A Recent Decision - McLennan v MacCallum

A recent case in WA highlights the evolution of medical opinion on cerebral palsy causation, from a model where perinatal hypoxia was considered central to a more multifactorial framework.

More Info

 

Superannuation - More Attractive Than Ever, Part II

Superannuation is more than just putting away a little bit at a time during your working life to help fund your retirement.

More Info

 
Copyright 2008 Invivo Medical Pty Ltd | Privacy Policy