Privacy considerations – continued

Use and disclosure of personal information

Does your practice have a process for patients to opt in or out of marketing communications?

Ensure you communicate marketing options to your patients clearly and transparently.

Medical research

Does your practice have procedures for conducting health research, including participant consent and notification?

This includes procedures for how to deal with requests for the secondary use of data. Refer to the RACGP’s Secondary use of general practice data resource for guidance and a decision-making support tool.

Quality improvement and continuing professional development

Does your practice have procedures to record occurrences of patient information use for quality improvement and continuing professional development?

Your practice’s privacy policy should disclose whether patient information is used for continuing professional development purposes and/or for quality-improvement activities.

Information security and data retention

Does your practice offer an information security level sufficient to ensure the safe and proper protection of the information it holds?

Does your practice have a process for document classification, retention, destruction and de-identification of patient information?

This will provide documented evidence of good practice in information security, including the secure disposal and de-identification of information and proper data retention periods.

Healthcare provider identification

This occurs when sharing information identifies the practice even though the patient health information might be de-identified.

Healthcare identifiers

Do your practice staff understand the restrictions on use of healthcare identifiers?

Educate staff on the requirements of the Health Identifiers Act 2010 and other government initiatives that your practice is engaged in.

Mandatory data breach notification plan

Does your practice have a data breach response plan?

Your practice should have a regularly tested emergency response plan to deal with data breaches and a plan outlining how to, and who should, communicate a data breach.
