From 21 December 2001 health service providers covered by the federal Privacy Act needed to comply with ten National Privacy Principles that allow for individuals to exercise new rights and choices about how their personal and health information is handled in the private health sector. The Act also gives people these rights over personal information held by other private sector organisations.
Health information is defined in both Federal and State Acts as information or opinion about a client regarding such things as wellbeing, disabilities, health services provided or to be provided, and personal information generally. This also includes details such as a person's name, address, account details, Medicare number and health service appointments.
In general a health service provider is required to:
- collect only the information necessary to deliver the health service;
- collect lawfully, fairly and not intrusively; and
- obtain a persons consent to collect health information about them. This consent may be express or explicit.
Our practice needs to ensure that consumers are informed about why their health information is being collected, who is collecting it, and how it will be used, to whom it may be given and that they can access it if they wish.
Privacy legislation stipulates that a practice should only collect information that is necessary for the practice's functions or normal activities.
The practice uses fair and lawful ways to collect health information and, where reasonable and practicable, collects health information directly from an individual.
The practice takes reasonable steps to make a client understand why information is being collected and who else it might be given to.
The practice is deemed to be collecting information when it gathers, acquires or obtains information from any source and by any means. Collection covers information kept by the practice even where the practice has not asked for the information or has come across it by accident.
In general, the practice should obtain an individuals consent to collect health information. This consent may be implied or express/explicit.
Implied consent refers to circumstances where it is reasonable for the health professional to infer that consent has been given by the client. For example, if a client presents to a physiotherapist and discloses health information which is written down by the physiotherapist during the consultation, this will generally be regarded as the client giving implied consent to the physiotherapist to collect health information for certain purposes. The extent of the purposes will usually be evident from the discussion between the physiotherapist and the client during the consultation.
Express consent refers to consent that is clearly and unmistakably stated (either in writing, orally, or in another fashion where consent is clearly communicated).
Consent to the collection and handling of health information and consent to treatment are two separate authorities provided by the client.
During the course of your treatment we may request permission to take photographs of you. These are to assist your treatment planning, exercise prescription and to record progress.
Use and Disclosure
Use of health information refers to the handling of client information within a practice. Disclosure refers to the transfer of information outside the practice.
A health service provider may use or disclose health information:
- for the main reason it was collected (the primary purpose); or
- for directly-related secondary purposes, if the consumer would reasonably expect these; or
- if the consumer gives consent to the proposed use or disclosure; or
- if one of the other provisions under this principle applies.
Directly-related secondary purposes may include:
- Necessary information sharing for referral to another health provider
- Billing or debt recovery
- Reporting an adverse event to an insurer
- Disclosure to a lawyer for the defence of legal proceedings
- Quality assurance or clinical audit activities which seek to improve a clinical service.
Other purposes for use or disclosure of health information
The practice should only use and disclose health information for other than primary or directly related secondary purposes, if the client gives consent (express or implied) or if an exception applies. Exceptions include uses or disclosures required or authorised by law; uses or disclosures necessary to manage a threat to someone’s life, health or safety; and uses or disclosures for research provided certain conditions are met.
Health professionals in the practice must use or disclose health information if the law requires them to do so. For example, health professionals are required to report child abuse (under care and protection laws) and notify the diagnosis of certain communicable diseases (under public health laws).
If a health professional is served with a subpoena or other form of Court order requiring the production of documents to the Court they are generally required to supply the documents. If a health professional is concerned about how to proceed, they can seek advice from the Registrar of the Court or Tribunal which issued the order or from a lawyer.
Training and education
The use of health information for training and education will usually require the client’s consent. Where consent is sought, the individual should have a genuine choice and not be pressured to agree. If the practice uses de-identified health information for training, client consent is not required.
Public health and safety research and statistics
The practice may use or disclose health information without consent for research or statistics that are relevant to public health or safety. The health information may be used or disclosed only if:
- the activities cannot be undertaken with de-identified data
- seeking consent is impracticable
- the activities are carried out in accordance with guidelines of the National Health and Medical Research Council
- the practice reasonably believes the organisation to which the health information is disclosed will not further disclose it.
Transfer of information to another health service provider
If a client wants to transfer to a physiotherapist in another practice, they can authorise the disclosure of health information from the original practice to a new practice. A copy of the health information could be transferred in this way. For medico-legal reasons, our practice retains the original record and provides the new physiotherapist with a summary or a copy. If a summary of the client’s health record is provided to the new physiotherapist, a copy of the summary should be kept on file for record purposes.
Our practice charges a reasonable fee to the practice or the client for transferring the client’s health record to another practice.
Client health information that is transmitted electronically over a public network such as the internet can pose significant privacy risks. It is technically possible for a third party to intercept and read emails or for emails to be inadvertently sent to the wrong person. Practices should not transfer client information by email unless it is encrypted.
If the original practice declines to transfer the health information, the client may seek access to the information, request a copy and then take it to the new practice.
Use of health information for practice marketing purposes:
The APA contends that advertising which seeks to inform the public on the scope and availability of physiotherapy services is appropriate. The APA supports the Australian Competition and Consumer Commission (ACCC) position that advertising offers a rich source of information which allows consumers to make informed decisions around their treatment choices and to compare physiotherapy services with a range of professions. Advertising that complies with the Trade Practices Act (1974)1 and provides consumers with choice should be encouraged amongst the profession.
Everyone hates being bombarded with ads for things they don't need or have any interest in. We may use your personal information to send you advertising that is customised or more relevant to your interests, characteristics or general location. This doesn't necessarily mean you'll get more advertising. It just means that the advertising that you see will hopefully be more relevant to you. We may advertise by mail, phone, email, text, and online via the internet and in apps.
We'll make sure that any marketing emails, texts and letters we send you clearly tell you how to opt out, or you can tell our admin staff.
You can opt out of receiving online relevant advertising material at any time by clicking on the unsubscribe button displayed on digital advertising material.
We are committed to ensuring any information you provide is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable procedures to safeguard and secure the information we collect online.
How we use the cookies
A cookie is a small file, which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can then tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. We use traffic log cookies to identify which pages on the website are being used, to help us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use the information collected for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Control your personal information
You may choose to restrict the collection or use of your personal information in the following ways:
Whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used by anybody for direct marketing purposes.
If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by emailing us at email@example.com
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required to by law. We may use your personal information to send you promotional information about third parties, which we think you may find interesting if you tell us you wish this to happen.
www.inbalancephysio.com.au may contain links to other websites. In-balance Physiotherapy and Pilates is not responsible for the privacy policies or practices of any third party.