Privacy considerations summary

 Privacy considerations summary

This list of considerations should be used as a guide only and does not exhaustively describe the complete list of activities that should be undertaken when assessing privacy measures within your practice.

Each privacy consideration is included to guide you on what is required to address each question. The privacy considerations list is to help your practice:

  • assess its level of compliance to the laws governing health information
  • assess, achieve and maintain good privacy practice
  • identify areas requiring practice innovation and improvements, and to seek assistance where necessary.

Establishing a practice privacy policy

Does your practice have an up-to-date, accurate, accessible and freely available privacy policy?

Your practice should have a policy that defines how to handle enquiries and complaints.

Quality and content of medical records

Does your practice have processes in place to ensure it holds accurate and up-to-date data at all times, including accurate health summaries and medication lists?

Your practice should develop a policy for everyone to understand and follow regarding how data is accurately collected and safely held.

Patient consent

Does your practice have a procedure for requesting and recording patient consent?

Do your practice staff understand the requirements surrounding this?

Consent might be sought for primary and secondary uses provided they are adequately stipulated. Although inferred consent might be relied on in certain circumstances, express consent (a signature or a documented positive response to a question) should always be sought.

Collecting health information

Does your practice have defined processes to inform patients of when, what and how the practice collects health information?

Does your practice have a process or policy in place to handle requests for anonymity or pseudonymity?

This might include manual procedures, practice policies or the ability of your systems and software to handle the tasks.

Patient access to personal information

Does your practice have procedures for handling patient requests for access to and correction of their information?

These procedures include assessment of requests, refusal procedures and administration fees.

Other Toolkits

The Royal Australian College of General Practitioners acknowledges Aboriginal and Torres Strait Islander peoples as the Traditional Custodians of the land and sea in which we live and work, we recognise their continuing connection to land, sea and culture and pay our respects to Elders past, present and future.