Our Privacy policy
All staff must comply with the following rules when collecting, using, storing or disclosing information about patients’ health or the treatment that they are receiving.
Collecting health information
When you collect health information from patients you must:
- only collect the information for the purpose of treating the patient or for some other legal purpose;
- collect the information directly from the patient unless he/she has consented to you collecting the information from someone else or one of the other exceptions to this rule applies; and
- let the patient know why you are collecting the information, who will have access to the information and that the patient is entitled to access and correct the information. You will not need to tell patients this if you have collected the same type of information from them before.
Using health information
Before using patients’ health information you must do what you can to make sure that the information is accurate and up to date. The steps that you will need to take will vary depending on how old the information is and the risk of relying on inaccurate information in the circumstances.
You must only use patients’ health information for the purpose for which you have collected the information unless the patient has consented to you using the information for another purpose, or one of the other exceptions in the Health Information Privacy Code applies.
You must consult our practice’s Privacy Officer before using a patient’s health information without the patient’s consent.
Storing health information
You must ensure that the health information that our practice holds is stored securely so that it cannot be accessed or used by unauthorised people.
When you transfer patients’ health information to someone else, you must do what you can to prevent unauthorised people from accessing or using the information.
Our practice can keep patients’ health information for as long as we need the information to treat patients and must keep patients’ health information for a minimum of 10 years from the date that treatment was last provided.
Our practice must destroy patients’ health information in a way that ensures the confidentiality of the information. All patient health information to be destroyed must be marked as “Shred” or placed directly in the Document Shredding bin.
Patients are entitled to ask our practice to confirm whether we hold information about them and to access the information unless we have lawful reasons for withholding the information.
Patients are also entitled to ask our practice to correct the information that we hold about them.
You must assist patients who ask to access their health information.
Disclosing health information
You must not disclose a patient’s health information without his/her consent (or the consent of his/her representative) unless you reasonably believe that it is not possible for you to get the patient’s consent and:
- the disclosure is for the purposes of the patient’s treatment (e.g. a referral);
- the disclosure is to the patient’s caregiver and the patient hasn’t objected to the disclosure;
- it is necessary for you to disclose the information to prevent a serious and immediate threat to the patient or another person’s life or health;
- the disclosure is made for the purposes of a criminal proceeding;
- the patient is, or is likely to become dependent on a drug that you need to report under the Misuse of Drugs Act or the Medicines Act;
- the disclosure is to a social worker or the police and concerns suspected child abuse;
- the disclosure is made by a doctor to the Director of Land Transport Safety and concerns the patient’s ability to drive safely.
There are other situations where disclosure without consent may be justified, such as disclosing information to agencies such as CYFS and the Police. You must discuss any proposed disclosure with our practice’s Privacy Officer before disclosing the information.
You must consult with our practice’s Privacy Officer before disclosing a patient’s health information without his/her consent.
Verbal consent
When a patient verbally consents to you or your practice disclosing information about his/her health to another person (including other health providers) make sure that:
- the patient is competent to consent;
- the patient understands why you are disclosing his/her information; and
- the patient has been informed about all of the people to whom you are disclosing his/her information.