Privacy is serious business
Businesses in the healthcare industry are privy to sensitive information about their patient’s health, treatments and medical history. This has recently been the subject of discussion in light of the new My Health Record system. There have been concerns that people who work in the healthcare system may be able to access an individual’s health records unnecessarily.
This discussion has shone a light on how important it is to have trustworthy and reliable people working in your business, particularly when it comes to the administration and handling of health records.
Privacy laws protect the individual
Healthcare professionals cannot discuss a person’s health information without their consent.
The law requires that all medical and healthcare professionals keep patient’s medical records and information private and secure. These laws apply to all businesses involved in providing healthcare services including clinics, pharmacies, hospitals, disability clinics, dietitians, optometrists and complementary health providers.
Anyone in your business who handles paperwork or is responsible for administration plays an integral role in making sure that these professional and legal obligations are met. The law covers both paper and online health records and provides that:
- Healthcare professionals cannot discuss a person’s health information without their consent. This includes information about illnesses, treatments and medications. There are some exemptions to this. For example, healthcare professionals can discuss a child’s health with their parent or guardian.
- Medical information must be collected and stored in a way that protects its privacy.
- Your business must take reasonable steps to protect online Healthcare Identifiers and make sure they are not misused, lost, modified or disclosed to anyone.
The only time that these privacy laws can be overridden is when someone’s health or safety is seriously threatened or there is a serious threat to public health and safety. Regardless, patients should always be allowed to access their own health information.
Make sure your team knows their obligations
It is important to train your staff on the new My Health Record system.
It’s important that anyone who has access to patient records understands what their obligations are. If anyone in your business breaches these rules you may lose your ability to access and use the My Health Record system.
If someone believes that any of your staff are mishandling their information they can also make a complaint to the Health Complaints Commissioner or the Office of the Australian Information Commissioner.
There are several ways that you can make sure your team understands their obligations. These include:
- Training your staff on the new My Health Record system. This should include letting them know when they can access, upload and download information to My Health Record.
- Having a process in place to provide patients with their health records if they request it.
- Putting in place a process that allows patients to consent to have their health information discussed with another health professional in certain circumstances.
- Putting in place internal practices and procedures that cover how information is stored and accessed.
- Communicating your expectations so your administrative staff know how important it is to look after people’s information.
Good record keeping not only makes sure that you meet your obligations under the law, it can also help you operate your business more efficiently. Your administrative staff are key to maintaining your records and your patient’s privacy. So, it makes sense to partner with someone who can help you find reliable and trustworthy people.