Does Your Privacy Policy Measure Up?
09 Jan 2015

- are clearly expressed
- are up to date
- cover the required topics
- reflect the use of Personally Controlled Electronic Health Records (PCEHR), where relevant.
Clear expression
- Think about your audience and word it accordingly.
- Keep it simple and easy to read.
- Use the terms “you” and “us/we”, rather than “patient” and “the practice”.
- Don’t just repeat the words in the Australian Privacy Principles (APPs) – make it specific to your practice.
- Arrange information in a way that makes sense for your patients.
- Be as specific as possible.
- Provide more detail about areas of information handling that patients are most concerned about, are unaware of, won’t reasonably expect or may not understand easily.
- Seek input from your staff.
- Contact your medical indemnity insurer.
- Test it out on readers – it should be able to be easily read and understood by a 14-year-old.
Up to date
Changes to Australian privacy law came into effect on 14 March 2014, with the APPs replacing the National Privacy Principles. Your policy must reflect the current law.
A summary of the APPs is available in the OAIC’s Privacy Fact Sheet 17 [3].
Your policy must outline how your practice currently deals with personal information – if procedures change, your policy should also change accordingly. Regularly review and update your policy. Include the date and version number on the document.
Required topics
- the kinds of information collected or held
- how it is collected
- for what purposes it is collected, held or used
- disclosure to any other persons or agencies – identity of agencies, what is disclosed, for what purpose(s)
- the process for an individual to access the information
- where access is withheld, why and how the individual is notified
- the consent process for collection of information
- situations where consent is not required, e.g. an emergency
- the process for individuals to complain about a breach of privacy
- whether information is disclosed to overseas recipients and to what countries.
Use of Personally Controlled Electronic Health Records (PCEHR)
- what information you add to and access from patients’ eHealth record and what you do with the information
- procedures to ensure compliance with the Personally Controlled Electronic Health Records Act 2012
- how an eHealth record may be used in an emergency situation.
References
- The Privacy Act 1988 (Cth).
- Office of the Australian Information Commissioner. Guide to Developing an APP Privacy Policy. Canberra: OAIC, 2014.
- Privacy Fact Sheet 17: Australian Privacy Principles. 2014. Available at: oaic.gov.au/privacy/privacy-resources/privacy-fact-sheets/other/privacy-fact-sheet-17-australian-privacy-principles.