Privacy Statement

All information gained from intake forms and consultations will be used for medical record purposes only and is not accessible, without permission, to anyone other than the treating therapist.

Privacy & Confidentiality Policy

DEFINITIONS

PERSONAL HEALTH INFORMATION

This is all information received by a health practitioner while providing a health service. This includes not only medical history details but also other personal information, such as the patient's familial history & details, employment, social circumstances & next of kin information.

PRIVACY & CONFIDENTIALITY

This relates to the handling and disclosure of your ‘Personal health information’. Privacy refers to the right to control access to oneself. Privacy may also relate to information about oneself, and information privacy laws regulate the handling of personal information through enforceable privacy principles. Confidentiality relates to information only. The legal duty of confidentiality obliges health care practitioners to protect their patients against inappropriate disclosure of personal health information.

USE

The term “use” in this policy relates to the direct use of the information collected by Nurturing Lotus practice. This means access to or use of by any staff member of Nurturing Lotus.

DISCLOSURE

The term “disclosure” in this policy refers to the release of external use or access to information collected by Nurturing Lotus. This means any persons who isn’t the person the information is collected about or a staff member of Nurturing Lotus is considered external access or disclosure.

PATIENT PRIVACY RIGHTS

PATIENT DISCLOSURE

Our privacy & confidentiality policy is available for all staff & Patients upon request. It is attached to our intake form and a copy is on display in our reception area.

COLLECTION

Collection of patient health information requires patient consent always. Practitioners are to inform patients of the information they are collecting and why it is needed. A Patient retains the right to withhold any information of their choosing including their name by withholding or using a pseudonym. Patients should note it could impact the practitioner’s ability to treat any health issue effectively. At no point do we supply third party with patient information All our staff are bound by the Health Records and Information Privacy Act 2002 (HRIP Act).

USE

Patient personal health information is to be used only for the purpose it was collected for. Patient consent is required for any other use outside of this original scope. Patients can withhold consent for use or disclosure of their personal health information. We may request patient consent to provide their information to a referring health professional or third-party request. We follow the privacy act of 1988 along with the privacy amendment act of 2000. All staff also follow the Health administration act of 1982.

COLLECTION OF PERSONAL HEALTH INFORMATION

PATIENT INTAKE FORMS

Patient intake forms are to be completed at the initial consultation prior to the appointment. All information collected in this format is for the sole purpose to aid the practitioner in direct patient care.  An updated form must be completed when a change in contact details has occurred or the patient has been absent from the clinic for 2 years or longer.

CONSULTATIONS WITH PRACTITIONERS

Practitioners are to collect information during a consultation via observation, written & interview means or assessment process. This is completed in the privacy of the treatment room or via online consultations with the treating practitioner and chosen care givers. All information collected through this means is kept for the ongoing care of the patient.

All unsolicited patient information will be discarded unless it is directly related to the patient’s health and ongoing care.

REFERRING HEALTH CARE PROFESSIONALS

Further collections will take place in consultation with any referring practitioners/ specialists or allied health providers. This means that the patient file will be updated with any information from referrals such as reports, scans, hospital visits and ambulance attendances etc. Patient files will be updated by senior administration staff when information comes to the practice and/or the treating practitioner.

INFORMED CONSENT

When collecting personal health information informed consent is required. Our practitioners will go through our privacy policy and require a signed informed consent to proceed with the initial treatment. The informed consent to be signed at the initial appointment is a condensed version of our full privacy policy.

If a patient requires assistance in understanding our informed consent policy, we will provide an interpreter, or they may have a next of kin to assist them.

 

DISCLOSURE & USE OF PERSONAL HEALTH INFORMATION

THIRD PARTY REQUESTS

A request from a third party must be completed in writing and must have the patient’s/care givers signature as consent prior to documents being released to the third party. If the third party is another medical practice only information relevant to the condition being address will be release without written consent from the patient, direct to the requesting medical practitioner. An administration fee is applied for documents when permissible.

REFERRALS

Medical history information relevant for the referral required will be included in the referral by the referring practitioner.

PATIENT REQUESTS

To obtain your own records a request form must be completed. An administration fee will be applied for documents exceeding 15 pages.

Our practitioners review each request for access in compliance with the Australian Privacy Principals (APP). Our Practitioners can deny access to a patient if they reasonably believe that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety. If access is denied reasons will be given by way of a letter to the requesting patient or through conversation face to face, or phone.

STAFF ACCESS

Treating practitioners have full access to patient records. Non-treating practitioners do not have access to patient files, however if a transfer of care is engaged the new treating practitioner will have full access to patient files. Junior administration staff have contact detail access only. Administration staff with responsibility to update client records have limited access to patient files.

RECORD KEEPING

PATIENT RECORDS

All records must be kept for as long as the patient is being treated. If a patient has left our care, including deceased patients, records will be kept for a further seven (7) years or until the patient is 25years, whichever is longer. Digital files will be kept in archive form permanently on an external hard drive.

ALTERATIONS

Update of contact or personal details provided by the patient is accepted. All other alteration requests to records by patients or third party will be annotated by the practitioner. All original notes will remain in place. The treating practitioner will add the request by the patient however no removal of records will take place.

DESTROYING

A patient’s records will be destroyed or de-identified once they have completed care or are deceased, and the above-mentioned time frame has passed. The destroying of the records will be done via fire being sure to have no remaining information. De-identification will occur only when a patient has consented to their records being retained for research purposes.

SECURITY

DIGITAL

Online files are protected by a password access. Virus protection is also in use on all our electronic devices. Staff members only have access to the computers and passwords.

RELEASE OF DOCUMENTS

Once a request access is deemed successful the release of the documents will commence. We offer two options for the release of documents; these are indicated of the request form and should be identified upon application.

      I.        We can send hard copy of the records, dependant on the size. A copy is made on site they are stamped identifying that they are a copy. The copy is then packaged in registered post and tracked until they have reached the addressee.

     II.        The second option is an electronic release via email or sharing service. Any records being released digitally will be first encrypted with a password. The password will be given over the phone, once the person has been appropriately identified, or via an approved second email account.