Privacy considerations summary
Privacy considerations summary
This list of considerations should be used as a guide only and does not exhaustively describe the complete list of activities that should be undertaken when assessing privacy measures within your practice.
Each privacy consideration is included to guide you on what is required to address each question. The privacy considerations list is to help your practice:
- assess its level of compliance to the laws governing health information
- assess, achieve and maintain good privacy practice
- identify areas requiring practice innovation and improvements, and to seek assistance where necessary.
Establishing a practice privacy policy
Does your practice have an up-to-date, accurate, accessible and freely available privacy policy?
Your practice should have a policy that defines how to handle enquiries and complaints.
Quality and content of medical records
Does your practice have processes in place to ensure it holds accurate and up-to-date data at all times, including accurate health summaries and medication lists?
Your practice should develop a policy for everyone to understand and follow regarding how data is accurately collected and safely held.
Patient consent
Does your practice have a procedure for requesting and recording patient consent?
Do your practice staff understand the requirements surrounding this?
Consent might be sought for primary and secondary uses provided they are adequately stipulated. Although inferred consent might be relied on in certain circumstances, express consent (a signature or a documented positive response to a question) should always be sought.
Collecting health information
Does your practice have defined processes to inform patients of when, what and how the practice collects health information?
Does your practice have a process or policy in place to handle requests for anonymity or pseudonymity?
This might include manual procedures, practice policies or the ability of your systems and software to handle the tasks.
Patient access to personal information
Does your practice have procedures for handling patient requests for access to and correction of their information?
These procedures include assessment of requests, refusal procedures and administration fees.