Mallee Physio members shall respect the confidentiality and security of client information. Clients have the right to confidentiality and this right shall encompass all client information including attendance for treatment.
Mallee Physio is bound by the Federal Privacy Act – Privacy Amendment (Private Sector) Act 2000 and also complies with the Victorian Health Records Act 2001. Copies of these can be located by clinking the above links.
The APA Code of Conduct sets out explicit obligations in relation to confidentiality and privacy.Mallee Physio Practice staff must be familiar with key aspects of privacy legislation and the APA Code of Conduct to ensure they manage health information appropriately. Follow the above link to access a copy or a copy can find a copy in the practice waiting room.‘Personal health information’ means health information which either specifically identifies the individual or from which their identity can reasonably be ascertained.Mallee Physio have a responsibility to maintain the privacy of personal health information and related financial information:
- The privacy of this information is every patient’s right.
- The maintenance of privacy requires that any information regarding individual patients, including staff members who may be patients, may not be disclosed either verbally, in writing, in electronic form, by copying either at Mallee Physio or outside it, during or outside work hours, except for strictly authorised use within the patient care context at Mallee Physio or as legally directed.
- There are no degrees of privacy.
- All patient information must be considered private and confidential, even that which is seen or heard and therefore is not to be disclosed to family, friends, staff or others without the patient’s approval.
- Any information given to unauthorised personnel will result in disciplinary action and possible dismissal.
- Employees are bound by his/her privacy clause contained with the employment agreement which is signed upon commencement of employment at Mallee Physio.
- Security policies and procedures for patient information are documented.
- All information received in the course of a consultation between a therapist and the patient is considered personal health information.
- This information includes medical details, family information, address, employment and other demographic and accounts data obtained via reception. Medical information can include past medical & social history, current health issues and future medical care. It includes the formal medical record whether written or electronic and information held or recorded on any other medium e.g. Letter, fax, or electronically.
- The physical medical records (paper or electronic) and related information created and maintained for the continuing management of each patient are the property of Mallee Physio. Mallee Physio ensures the protection of all information contained therein. This information is deemed a personal health record and while the patient does not have ownership of the record he/she has the right to access under the provisions of the Commonwealth Privacy and State Health Records Acts. Requests for access to the medical record will be acted upon only if received in written format.
- Therapists shall ensure that all staff under their supervision also respects client confidentiality.
- Therapists shall keep a confidential record for every client which is complete, legible, and understandable and held securely for at least the period required by law.
- Therapists shall not disclose any information about a client to a third party without the client’s permission, unless such disclosure is required by law.
Mallee Physio & Healthy Mates only collects health information that is necessary to provide quality healthcare.
Privacy legislation stipulates that a practice should only collect health information that is necessary for its ‘functions or activities’. Mallee Physio uses fair and lawful ways to collect health information and, where reasonable and practicable, should collect health information directly from an individual. This information can be provide by the patient verbally, in writing and electronically.Clients are informed on their first attendance why information is being collected and who else it might be given to. Mallee Physio & Healthy Mates will be deemed to be collecting information if it ‘gathers, acquires or obtains information from any source and by any means’. Collection covers information kept by Mallee Physio & Healthy Mates even where Mallee Physio & Healthy Mates has not asked for the information or has come across it by accident.
Mallee Physio & Healthy Mates obtains an individual’s consent to collect health information on their initial visit. This consent may be implied or express/explicit, generally by the means of signing the consent form on the reverse on the New Patient Information Sheet.Implied consent refers to circumstances where it is reasonable for the health professional to infer that consent has been given by the client. For example, if a client presents to a physiotherapist and discloses health information which is written down by the physiotherapist during the consultation, this will generally be regarded as the client giving implied consent to the physiotherapist to collect health information for certain purposes. The extent of the purposes will usually be evident from the discussion between the physiotherapist and the client during the consultation.Express consent refers to consent that is clearly and unmistakably stated (either in writing, verbally, or in another fashion where consent is clearly communicated). Consent to the collection and handling of health information and consent to treatment are two separate authorities provided by the client.
Mallee Physio & Healthy Mates must take reasonable steps to ensure the health information it collects, uses or discloses is accurate, complete and up-to-date.
Mallee Physio & Healthy Mates protects the security of health information.
Mallee Physio & Healthy Mates must store both active and inactive health information records securely. (An inactive client health record is generally defined as the record of a client who has not attended Mallee Physio & Healthy Mates for at least two years).Mallee Physio & Healthy Mates must take reasonable steps to protect the health information it holds from misuse and loss as well as from unauthorised access, modification or disclosure.Culling of inactive client health records from the main filing system is permitted where it improves the efficient management of health information.
- All records must be stored in a secure, safe area where there is no possibility of damage by pests, vermin or environmental factors.
- Electronic records are stored both at internal organisational and registered external storage areas.
- Electronic files are safe guarded by security, with access determined by an ID system to prevent access from individuals that do not have clearance.
- Personal passwords are used to authorise access to health information
- Screensavers or other automated privacy protection devices are installed
- Regular backups of electronic information occurs and secure offsite storage arrangements for electronic backups
- Firewalls for all computers connected to the internet are installed
- Antivirus systems with provision for regular or automated updates are installed
- When stored, hard copy files must be put away in the Alphabetical system for ease of location of records to allow for ease of access by authorised staff.
- Records must be transported in a safe and confidential manner ensuring that access is only given to authorised staff.
- Health information is not stored or left visible in areas of Mallee Physio & Healthy Mates with unrestricted or unsupervised access