Privacy and Security of your Personal Health Information

This practice is bound by the Federal Privacy Act 1998 and National Privacy Principles, and also complies with the Victorian Health Records Act 2001.

‘Personal health information’ a particular subset of personal information and can include any information collected to provide a health service.

This information includes medical details, family information, name, address, employment and other demographic data, past medical and social history, current health issues and future medical care, Medicare number, accounts details and any health information such as a medical or personal opinion about a person’s health, disability or health status.

It includes the formal medical record whether written or electronic and information held or recorded on any other medium e.g. letter, fax, or electronically or information conveyed verbally.

Our practice has a designated external IT provider with primary responsibility for the practice’s electronic systems, computer security and adherence to protocols as outlined in our Computer Information Security policy.

Practice computers and servers comply with the RACGP computer security checklist and we have a sound back up system and a contingency plan to protect the practice from loss of data.

Our practice ensures that our practice computers and servers comply with the RACGP computer security checklist and that:

• Computers are only accessible via individual password access to those in the practice team who have appropriate levels of authorization.
• Computers have screensavers or other automated privacy protection devices are enabled to prevent unauthorized access to computers.
• Servers are backed up and checked at frequent intervals, consistent with a documented business continuity plan.
• back up information is stored in a secure off site environment.
• computers are protected by antivirus software that is installed and updated regularly
• computers connected to the internet are protected by appropriate hardware/software firewalls.
• we have a business continuity plan that has been developed, tested and documented.

In response to the Covid-19 outbreak, the practice is offering telehealth consultations. Our video consultations are run through Health Direct, which is a secure online audio-visual service. Patient confidentiality remains a priority for both telephone and video consultations, and we do not utilise any recording features. In accordance with Medicare requirements, our doctors only document consultation notes in a patient’s file, and do not include any audio or visual information captured, except with the express written consent of a patient.