Our website address is: http://elthamphysio.com.au.

At Eltham Physiotherapy Centre we aim to ensure absolute confidentiality and safety of all personal health information collected regarding our patients.

Nature and scope of this practice policy

This practice policy primarily addresses the management of “personal health information” in the practice.

This practice policy covers the following areas:

• Privacy
• Third party access
• Maintaining and quality of personal information
• Access by a new physiotherapist or other practitioner
• Patient access
• Security
• Staff training
• Informing new patients
• Marketing materials

Personal health information is defined as information which concerns a patient’s health, medical history or past or present health care; and which is in a form that enables or could enable the patient to be identified.

This policy is based on the 2001 RACGP/CPMC Best Practice for the Management of Health Information in Medical Practice. The handbook is consistent with the national Principles for the Fair Handling of Personal Information in the Federal Privacy Act 1988 as amended and with AVT, Victoria and proposed NSW health Privacy Legislation.

While the policy focuses on the management of the patient’s medical record, it also relates to information recorded, for example, in billing and accounting records, pathology and medical imaging results, medical certificates and letters to and from hospitals and other doctors or specialists and authorised third parties.

We may also use your Personal Information for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure such as financial claims and payments, and staff training.

When you register as a patient of our practice, you provide consent for our practitioners and practice staff to obtain, access and use your personal information so they can provide you with the best possible healthcare. If we need to use your information for anything else apart from the primary purpose for which it was obtained or for a secondary purpose that is directly related to the primary purpose, we will seek additional consent from you to do this.

When we collect Personal Information we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it.

Retention and Culling of clinical and administration records

All hard copies of information are stored safely and securely on the premises and kept for a minimum of 7 years after final attendance at the practice.

In the case of a child, files are stored for 7 years after the final attendance after the child has turned 18 (25 years of age).

Our practice software stores some administrative and clinical records.

All electronic records are kept indefinitely and are made inactive at the discretion of the practice manager and treating practitioner or practice partner in the event the treating practitioner is unable to advise.

If necessary inactive electronic records are made active again using our computer software.

No record will be destroyed at any time without the permission of the treating practitioner or of a practice partner if the treating practitioner is no longer involved in the practice.

In the event of a practitioner being deceased or transferring out of the practice, the practice will post a notice in the practice waiting room or on the practice website informing patients OR a departing practitioner may choose to individually inform each patient, asking the patient to nominate a practitioner to whom the record should be transferred.

If the practice closes, patients will be contacted individually or, if this is not practical, a public notice will be placed in the local newspaper indicating the way in which patients should arrange for the transfer of their record to another physiotherapist.
When hard files are due to be destroyed, they are shredded as directed by the Practice Manager.

1. Privacy
All practitioners and staff will take steps to ensure that patients can discuss issues relating to their treatment and that the practitioners and other staff can record relevant personal health information, in a private setting where unauthorised people cannot access the information.

For example: practitioners will ensure that consultations are conducted in a manner that prevents conversations from being overheard. Staff will not enter a consultation area without communicating with the practitioner. Staff, other practitioners and students should not be presented during the consultation without the prior permission of the patient.

There is auditory privacy in the waiting areas. The receptionists speak softly without mentioning patient’s full name, health conditions or problems.

Consultation areas are behind closed doors to ensure patient privacy.

2. Maintaining the Quality of your Personal Information
It is an important to us that your Personal Information is up to date. We will take reasonable steps to make sure that your Personal Information is accurate, complete and up-to-date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.

3. Access to the Health record and to personal health information by practice staff and for practice research and Quality Assurance.
Only people who need to access your information will be able to do so.

Patients will be informed and consent gained if the practitioner undertakes research and quality improvement activities in which patient information is to be used.

The practitioner responsible for the activity will ensure that appropriate information is available from the reception staff for patients.

Access to identified records without patient consent may occur if this disclosure is necessary for the practitioners in the practice to carry out a review of their practice for the purpose of improving the quality of care provided and the activity has been approved under Commonwealth or State legislation or by a professional college. This may occur for example during a record audit carried out as part of practice accreditation. This provides safeguards to protect the confidentiality of the information provided.

When research projects are conducted in the practice under the approval of an institutional ethics committee, staff must be aware of the requirements to obtain consent specified in the research protocol and ensure that consent is properly obtained.

Where possible identifying information will be removed from personal health information being used for research and QA activities. Where this is not possible, internal staff accessing personal health information are aware that they are under an obligation of confidentiality not to disclose the information. Breaches of that obligation may result in dismissal. The responsible practitioner will ensure that any external researchers are also under an explicit written obligation of confidentiality with appropriate penalties for disclosure.

Other disclosure
Practitioners will only refer to patient health information relevant to their caseload or for education purposes.

Practitioners and staff will ensure that personal health information is disclosed to third parties only where consent of the patient has been obtained. Exceptions to this rule occur when the disclosure is necessary to manage a serious and imminent threat to the patient’s health or welfare, or is required by law.

Practitioners will explain the nature of any information to be provided to others about the patient, for example, in letters to referrers, other practitioners and hospitals. If appropriate the letter may be shown to the patient. In terms of a letter patient consent is implicit in their agreement to be referred by their referrer or to take the letter to a hospital or other practitioner.

Practitioners and staff will only disclose to third parties that information which is required to fulfil the needs of the recipient.

Information disclosed to Medicare or other health insurers will be limited to the minimum required to obtain insurance rebates. Information supplied in response to a court order will be limited to the matter under consideration by the court.

Information classified by a practitioner or patient as restricted will not be disclosed without the explicit consent of the patient and/or practitioner.

4. Access to the record by a new treating practitioner
Access to accurate and up-to-date information about the patient by a new treating practitioner is integral to the practitioner providing high quality health care. If a patient transfers away from the practice to another practitioner, and the patient requests that the health record is transferred, the existing practitioner will provide a copy of the record. This may incur a reasonable administration charge.

5. Patient access to records
It is practice policy that all patients have access to the health information contained on their file. The treating practitioner will provide an up-to-date and accurate summary of their health information on request or whenever appropriate.

The treating practitioner will consider in a timely manner any written request made by a patient for access to the health record itself. In doing so he/she will need to consider the risk of any physical or mental harm resulting from the disclosure of health information.

If the practitioner is satisfied that the patient may safely see the record then he/she will either show the patient the record, or arrange for provision of a copy and explain the contents to the patient.

A charge may be incurred by the patient for any copying.

6. Security
Practitioners and staff will protect personal health information against unauthorised access while it is being stored and transmitted.

Staff will ensure that patients and other visitors to the practice will not have access to the health record and that records or any other papers containing personal health information are not left where they may be accessed by unauthorised persons.

Non-clinical staff will limit their access to personal health information to the minimum necessary for the performance of their duties.

Fax, e-mail and telephone messages will be treated with security equal to that applying to health records.

Computer screens will be positioned in a way which prevents unauthorised viewing of a patient’s personal information. Staff will ensure that computers left unattended cannot be accessed by unauthorised persons.

Practitioners and staff will ensure that personal health information held in the practice is secured against loss or alteration of data.

Patient records will not be taken away from the practice except when required by clinical staff for the care of a patient and kept securely during this time. The responsible clinician will ensure that the record is returned to the practice and left in an appropriate place for filing.

Health records and other papers containing personal health information are either securely disposed of or filed promptly after each patient contact.

Our practice uses diagnostic viewer interfaces, Visage and InteleViewer to access clinical images and reports on their Picture Archiving and Communication system (PACs). Access to these interfaces are supplied to referring clinicians by the diagnostic imaging practice. Access to this system is username and password protected.

Visage also allows access via personal Apple devices (iphone/ipads).

Our practice follows the guidelines set out by the Australian Medical Association (AMA) Guide to clinical Images and the use of personal mobile devices.

Only personal devices with password protection are to be used to access clinical Images and reports.

Any clinical image or report will be deleted after saving it onto a patient health record.

Staff will ensure that the computers are secured with a password and that the building is locked when leaving.

The data on the computer system will be backed up automatically, multiple times each day. Computer systems are constantly updated with latest virus and firewall protection.

7. Staff training
On induction, all practice members are trained in the importance of confidentiality. All staff sign a confidentiality statement stating that breaching confidentiality is a dismissible offense.

8. Marketing Materials
We strive to deliver highly educational content and ways to improve your overall experience as a patient. We would like to send a periodic email from time to time to keep you updated. You can UNSUBSCRIBE to these emails by clicking the link at the bottom of the email sent to you or by advising the clinic in writing.

Policy Updates

This Policy may change from time to time and is available on our website
Current as of June 2019