Health Information Privacy and Access

Health Information Privacy and Access

The Privacy Act (C’lth) incorporates the Australian Privacy Principles which set out requirements for the handling of personal and sensitive information, which includes health information (see definitions below). They govern information collection, storage and maintenance, and use and disclosure; as well as access by an individual to his/her information and openness about how it is managed by the institution. The APPs do not apply to de-identified information or statistical data sets, which would not allow individuals to be identified.

Definitions

Personal information means information or an opinion about an identified individual or an individual who is reasonably identifiable:

  1. whether the information or opinion is true or not; and
  2. whether the information or opinion is recorded in an Andrews & Bernard Aged Care Advisory Pty Ltd form or not

Sensitive information is a subset of personal information. It means information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political organisation, religious beliefs or affiliations; philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, and criminal record or health information about an individual. Health information is one kind of sensitive information and includes information or an opinion:

  • about an individual’s health or disability at any time (that is, past, present or future)
  • about an individual’s expressed wishes regarding future health services
  • about health services provided, or to be provided, to the individual
  • collected while providing a health service
  • collected in connection with the donation or intended donation of body parts and substances.

This means that personal details related to a patient’s attendance (e.g. name, address, Medicare number, billing information, admission/discharge dates), medical information, notes made by healthcare personnel, identifiable biological specimens or samples, or genetic information all constitute “health information”.

Collection of information

Andrews & Bernard Aged Care Advisory Pty Ltd must:

  • Only collect health information necessary for its functions or activities.
  • Use fair and lawful ways, that are not unreasonably intrusive, to collect health information.
  • Collect health information directly from an individual if it is reasonable and practicable to do so (there is an exception where it is necessary to obtain an individual’s family, social or medical history, which may contain information relating to other persons).
  • Take reasonable steps, at the time of collecting health information or as soon as practicable afterwards, to make an individual aware of why the information is being collected, who it may be disclosed to, how it can be accessed etc.
  • Take reasonable steps to ensure the individual is aware of the above points even if the information is collected from someone else.
  • Only collect health information with the express or implied consent of the individual concerned, unless collection is required by law or it is necessary to prevent a serious threat to the life or health of any person.

Information Privacy Policy

Andrews & Bernard Aged Care Advisory Pty Ltd provides patients (or any member of the public, on request) with its Information Privacy Policy, which outlines what personal information is held by the Hospital, and how it is used, stored, accessed or corrected.

Use and disclosure of information

Andrews & Bernard Aged Care Advisory Pty Ltd may use or disclose an individual’s health information where use or disclosure is:

  • for the primary purpose for which it was collected (eg provision of medical care and treatment; health fund claims)
  • for a directly-related secondary purpose that would have been within the reasonable expectations of the patient at the time (eg quality improvement activities)
  • with the consent of the individual (see Consent to Use Information below)
  • required or authorised by law
  • necessary to prevent serious and imminent threat to an individual or to public health.

Access to and correction of information

Patients have the right to access health information held about them, unless:

  • It would pose a serious threat to the life or health of any individual.
  • It would have an unreasonable impact on the privacy of others.
  • The request for access is frivolous or vexatious.
  • Denying access is required or authorised by law.
  • Access may be provided in a number of different ways. For example the patient (or his/her authorised representative) may view and discuss their records with a health service provider and/or obtain a copy of the information or a summarised report.
  • Access requests or related queries should be directed to the Privacy Coordinator who can also provide the appropriate form (ie Request to Access a Patient Record).
  • Access requests must be processed within 30 days and reasonable fees may be charged.
  • If a person requests a correction to their health information, the Hospital must either make the correction, where appropriate, or add a note to the records with details of the request. Requests for correction shall be directed to the Privacy Coordinator.

Storage and maintenance of information

Andrews & Bernard Aged Care Advisory Pty Ltd must take reasonable steps to:

  • Ensure that the health information it collects, uses or discloses is relevant, accurate, complete and up-to-date.
  • Protect the health information it holds from misuse and loss, and from unauthorised access, modification or disclosure.
  • Destroy or permanently de-identify health information when it is no longer needed or required to be kept.

Other issues

Identifiers

Andrews & Bernard Aged Care Advisory Pty Ltd must not adopt Commonwealth identifiers, such as Medicare or DVA numbers, for its own identification systems (eg hospital medical record number).

Transfer outside of Australia

Andrews & Bernard Aged Care Advisory Pty Ltd may only transfer a person’s health information overseas when:

  • The individual or organization has given consent.
  • Obligations are imposed on the external party requiring compliance with Australian Privacy

Principles

  • It is believed that the information will be protected by a privacy scheme or legal provisions comparable to what exists in this country.

Web Site Privacy – GDPR

Andrews & Bernard Aged Care Advisory Pty Ltd website may have links to other websites from time to time. Once you go to another site you are subject to the privacy policy of the new site.

Collection of Information

When you access Andrews & Bernard Aged Care Advisory Pty Ltd website, Andrews & Bernard Aged Care Advisory Pty Ltd may record your server address, domain name, the date and time of your visit, the pages viewed, the information downloaded and the frequency of visits. Andrews & Bernard Aged Care Advisory Pty Ltd may also record information about the types of browsers that are being used to visit Andrews & Bernard Aged Care Advisory Pty Ltd site. Andrews & Bernard Aged Care Advisory Pty Ltd uses this information for Web site and system administration, including monitoring to prevent security breaches, to assist Andrews & Bernard Aged Care Advisory Pty Ltd in further development and to improve the functionality of the site.

Privacy Settings
We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
Youtube
Consent to display content from - Youtube
Vimeo
Consent to display content from - Vimeo
Google Maps
Consent to display content from - Google
Save