Privacy Policies in General Practice Clinics
In the lead up to the Office of the Australian Information Commissioner’s (OAIC) Privacy Awareness Week the actions of Australia’s peak medical groups to improve the privacy practices of Australia’s General Practice (GP) clinics have been recognised by the Acting Australian Information Commissioner, Mr Timothy Pilgrim.
The OAIC’s assessment examined the content, layout and availability of GP clinics’ privacy policies. It did not consider how the procedures in the privacy policies were implemented in practice.
Notable recommendations from the OAIC’s assessment included ensuring that privacy policies are:
- Made readily available to patients at the GP clinic;
- Available on the GP clinic’s website if the GP clinic has a web presence;
- Reviewed to ensure they are clearly expressed and easy to understand;
- Drafted to include sufficient detail of the personal information that is collected and held by the GP clinic;
- Drafted to adequately cover the use of the My Health Record system (if the GP clinic utilises the My Health Record system) and inform the patient that the GP clinic may collect, use and disclose their health information for the purposes of the My Health Record system; and
- Drafted to contain adequate detail regarding the complaint resolution process.
The OAIC’s assessment found that many GP clinics could benefit from greater practical support to improve or establish privacy policies. It was assessed that practical, industry-related support is an effective means of improving privacy outcomes for practices and patients.
As a consequence of the need for industry-related support, the OAIC approached Australia’s peak medical groups including the Australian Medical Association (AMA), the Royal Australian College of General Practitioners (RACGP), the Australian College of Rural and Remote Medicine (ACRRM) and the Australian Association of Practice Management (AAPM) to help deliver training and practical solutions to assist GP clinics.
On 28 April 2016, Mr Pilgrim commended the efforts of the peak medical groups and acknowledged the importance of the collaborative approach taken between them and the OAIC. Mr Pilgrim anticipated that the collaborative approach would improve privacy management for GP clinics and their patients.
The release of the OAIC’s report in the lead up to Privacy Awareness Week, which commenced on 15 May 2016, provides a timely reminder to all general practitioners of the importance of maintaining privacy policies and understanding their obligations under the privacy legislation.
Dominique Egan, Partner
Patricia Marinovic, Solicitor