Jan 16, 2019
PRIVACY ACT (1993)
Q. What is the Privacy Act and what does it do?
A. The Privacy Act provides rules for the collection, use and disclosure of personal information. It regulates the handling of personal information.
Twelve principles form the Privacy Act, covering the following:
§ Collection of personal information
§ Storage and security of personal information
§ Request for access to and correction of personal information
§ Accuracy of personal information
§ Retention of personal information
§ Use and disclosure of personal information
§ Using unique identifiers
For a full breakdown of the twelve principles visit https://bit.ly/2Fvw23o
The OPC (Office of the Privacy Commissioner) is the independent body responsible for investigating privacy complaints.
By definition: - the action or process of collecting someone or something e.g. “the collection of data”
Requests for information come from other medical providers, ACC, insurance companies and law enforcement agencies. The request should be specific and have signed
You are required to provide information to the Police if a search warrant or production order is presented. The following link provides a detailed outline of your responsibilities when disclosing personal information to the Police: - https://bit.ly/2LZt7RR.
Examples of methods used for the collection of medical information.
§ Patient collects medical records
§ GPGP (electronic transfer within PMS)
§ Third Parties (Insurance companies, law enforcement)
By definition: - the action of using something or the state of being used for a purpose
The use of personal medical information should be clear from the agency or person(s) requesting the information.
An example of this would be a request from ACC for further information regarding a patient claim
By definition: - the act of making new or secret information known
Disclosure results in the satisfaction of the request and use of the information sought.
The Police or law enforcement agencies do not need to explain why they are seeking information through a voluntary request rather than by a search warrant or production order. However, they do need to provide enough information to justify the disclosure. This explanation should not prejudice the investigation or make an unwarranted disclosure of personal information.
To manage the multiple requests for information from any agencies,
Scan all requests (non-electronic) to patient records including any responses sent and annotate when processed for future reference and audit requirements.
IF IN DOUBT, DON’T GIVE OUT
Useful links for further clarification on releasing patient information: -