There are two key concerns for patients when consulting a medical centre, the first is the competence of the medical professional in diagnosing, treating and managing their medical condition, and the second is the privacy of their medical records. The focus on privacy has become more pronounced recently with the online management of patient records.
A medical centre has a fiduciary duty to maintain the confidentiality of patient information and also a statutory obligation to preserve the privacy of patients’ health information. Private medical centres are primarily regulated by the Health Records and Information Privacy Act 2002 (“the Act”). The Act applies to all health service providers that collect, hold and use health information.
The objective of the Act is to promote the reasonable management of health information by protecting the privacy of an individual’s health information, enabling an individual to access their health information and to provide a framework for resolving privacy disputes.
The Act also sets out the Health Privacy Principles which consists of 15 areas requiring compliance. These areas include notifying the individual of the purpose of collecting the health information, ensuring the information collected is relevant and accurate, collecting the health information from the relevant individual only, providing access to information upon written request and limiting the use and disclosure of the health information, for which specific exemptions operate, for example with consent or if there is a serious threat to the welfare or safety of the individual.
If an individual considers there to have been a contravention of the Act or the Health Privacy Principles, or is in dispute about the retention, storage or access to their personal information, they may lodge a complaint with the Privacy Commissioner or the NSW Civil and Administrative Tribunal (“NCAT”).
It is due to these stringent requirements, that Privacy Policies have become essential. Privacy Policies allow the medical centre to disclose to its patients matters such as the purpose of collecting the health information, the manner in which it will be stored and the duration of storage, the patient’s right to access the information and how requests can be made and the circumstances in which the health information can be released to the patient or to other third parties. Privacy Policies allow the medical centre to, in part, meet some of its statutory obligations under the Act and the Health Privacy Principles. Privacy Policies should also remain up to date and reviewed periodically to ensure that any variations to the manner in which the medical centre operates, or, changes to the legislation, are suitably reflected in this policy.
If you require assistance in the drafting of your Privacy Policy, or if you are in dispute about the privacy of your patient’s health information, we recommend that you seek legal advice at your earliest opportunity to prevent ongoing compliance issues and to resolve the matter without any legal escalation.
If you wish to speak to one of our Medical Centres & Disputes Lawyers, please contact our firm by telephone on (02) 9233 4048 or send an email to info@navado.com.au.
This webpage (and any material or wording appearing on this webpage) is provided for general information purposes only and does not constitute any Legal Advice. It does not take into account your objectives, your instructions or all of the relevant facts and/or circumstances. Navado accepts no responsibility to any person who relies on the information provided on this website. We further refer you to our Disclaimer.
Sorry, but no Articles are available at this time.
Sorry, but no FAQs are available at this time.
