How to Write a Practice Privacy Policy

This video will run you through how to develop a privacy policy (and collection statement) for your practice. The policy is designed to cover all health and allied health practices.

Note: The template should not be copied word for word; use it as a starting point and customise it to your practice.

Why you need a practice privacy policy

Privacy and confidentiality are basic rights in our society. Safeguarding those rights with respect to an individual’s personal health information is our ethical and legal obligation as healthcare providers and workers, although doing so in today’s healthcare environment is increasingly challenging.

Having a privacy policy in place is a legal requirement, not just a guideline or recommendation. Your practice must have a privacy policy for the management of patient health information, and patients need to be informed about your practice privacy policy. It is also a good idea for your staff to familiarise themselves with the policy content, because patients will ask them questions that they need to be able to answer.

It is also worth noting that the Office of the Australian Information Commissioner (OAIC) has the power to conduct privacy investigations and audits. Organisations must provide their privacy policy to the OAIC upon request and make their policy available on their website, on a sign at reception, and wherever else they can.

What happens if you breach your privacy policy?

The Office of the Australian Information Commissioner recently issued a media release regarding its assessment of the privacy policies of around 40 general practices in Australia. Alarmingly, it found that very few practices were fully compliant even though they had some sort of privacy policy in place. After such findings we should expect more investigations to come.

If you breach your patient’s privacy in any of the ways we cover in this video, you may open yourself up to litigation, complaints and other significant penalties. There is a civil penalty of up to $107 million for corporations (the owners of your practice), but as an individual staff member you are also liable for up to $340,000 if you are deemed responsible for causing a breach. A data breach occurs when personal information held by an organisation is lost, or subjected to unauthorised access, modification, disclosure or other misuse or interference.

What to include in your privacy policy

Guidelines on the Australian Privacy Principles (APPs) will assist general practices to meet their legal obligations in relation to the collection, use and disclosure of health information.

The APP privacy policy must contain the following:

What to include in your collection statement

Practices must also have in place a collection statement, which contains prescribed information, including:

Please note that the above video combines the privacy policy and the collection statement in a single template.

If you have any questions please email: [email protected]