The 13 APPs came into force on 12 March 2014. They regulate how personal information is dealt with by both Australian government agencies and the private sector, and cover the handling, holding, use, accessing and correction of personal information.
The APPs and the Act apply to any business that:
- provides a ‘health service’ (regardless of turnover); and
- holds any ‘health information’ (other than employee records).
- only four policies included appropriate contact information to submit access or correction requests, or to make complaints;
- only one policy appropriately advised patients how to request access to their personal information; and
- the policies did not contain some of the content required by the APPs.
- the legal name and contact details of your practice;
- the fact that your practice collects and holds health information;
- why your practice collects and holds health information (including any law that requires health information to be collected or held);
- the main consequences for your patient if your practice doesn’t collect important health information;
- other organisations (such as other medical practitioners) to which your practice usually discloses health information;
- how patients can access their health information and seek a correction of that information; and
- how patients can make a privacy related complaint about your practice and how your practice will deal with such a complaint.
Why should you take steps to comply?
Your patients are likely to consider their health information to be extremely personal and private. It will therefore give them comfort and confidence to know that their privacy and that information are properly protected.
It is important, not only for compliance but also to demonstrate patient care, for all medical practices to review their privacy policies to ensure that they comply with the Act and the APPs.
A Google search will lead you to examples or templates of privacy policies. Before applying one of them, it is important to ensure that they are tailored to your practice and how you handle personal information, and do comply with the Act and the APPs, having regard to your practice’s activities.