This information includes medical details, family information, address, employment and other demographic and accounts data obtained via reception.
All practice team members are aware that any information given to unauthorised personnel will result in disciplinary action, possible dismissal and other legal consequences.
Informing patients on managing confidentiality and personal health information (C6.3 A)
Our practice has developed and implemented a privacy policy that details how we manage data. It covers data:
- collection
- use and disclosure
- quality and security
- correction
- access
- complaints
- overseas transfer
Patients, their family and carers can access our privacy policy upon request or in the waiting area.
All members of the practice receive training in the significance and obligations of the Privacy Act and the Australian Privacy Principles, the importance of confidentiality and our privacy policy. Training records are stored in PracticeHub. It is the responsibility of the Practice Manager to ensure all training records are completed and current.
At the commencement of their employment/engagement the team member must sign a confidentiality agreement. The completed agreement is stored in their employment file in Practice Hub or in the Practice Manager Office.
A template for the patient privacy policy can be found here: RACGP Privacy policy template
Informing patients how to access their health information (C6.3 B)
Patients of our practice are informed of their rights to access their personal health information in accordance with the Australian Privacy Principles (APP). This is done via the practice information sheet, a notice in the waiting area and the practice website.
On request for access to personal health information, our practice documents each request and endeavours to assist patients in gaining access according to the Privacy Act and APP. We:
- Document the patient’s request and forward a request to the patient’s healthcare practitioner to check for exemptions
- Complete all steps to confirm identification of the patient or legally nominated representative prior to access being granted
- Provide personal health information within the period of time outlined in the Privacy Act
- Note any exemptions to access
Refer to C6.3 A above for practice member training and training record requirements.
Transferring patient health information (C6.3 C)
To ensure timely, authorised, and secure transfer of patient health information we use the Best Practice secure message service or an email encryption method. The patient may consent to their information being sent without such protection. This consent must be documented and recorded in the patient’s medical record.
Confidential data is not to be sent via email or the internet.
Electronic transfer of a patient’s health information cannot proceed unless requested by the patient. The patient’s consent is documented in their health record.
Refer to C6.3 A above for practice member training and training record requirements.
The Practice Manager is responsible for the maintenance of the secure messaging software, including troubleshooting and managing issues with the secure messaging software vendor. The Practice Manager is also responsible for reviewing the use of the secure messaging service, addressing any discrepancies identified, updating procedures as required and providing updates to all practice team members.
Our healthcare professionals send all health information using secure messaging.
Our practice has advised external healthcare professionals/organisations that the practice’s method of transferring patient health information is using Best Practice secure messaging. All secure messaging contact details on the Healthcare Provider Directory and Endpoint Location Service are accurate and up to date.
Authorised access to patient health records, prescription pads, and other official documents (C6.3 D)
Our practice has secure electronic and/or physical storage locations for all official documents, including prescription forms, administrative records, templates and letterhead.

| Document | Location |
| --- | --- |
| official documents | electronic – e.g., shared drive |
| prescription forms | clinical software, access-controlled area |
| administrative records | clinical software, access-controlled area |
| templates | electronic – e.g., shared drive |
| letterhead | electronic – e.g., shared drive |

Useful information:
Privacy basics and data breaches (Avant Learning Centre)
Providing medical records to a third party (Avant Learning Centre)