On 12 March 2014 the Privacy Amendment (Enhancing Privacy Protection) Act 2012 commenced. This amended the Privacy Act 1988 (Cth).
The previous 10 National Privacy Principles (NPPs) and Information Privacy Principles (IPPs) were replaced by 13 new Australian Privacy Principles (APPs). The APPs are largely based on the NPPs. They do, however, reflect the interaction of more modern technology.
The APPs apply to all health services providers (an APP entity) regardless of income/turnover. Members need to consider the APPs when collecting, using and disclosing personal information of patients, that is, sensitive information. These principles therefore apply to most areas of members’ practice.
They are more rigorous than previous principles and some review is required.
It is important to remember that you are also bound by your State and Territory privacy legislation. For example, the States and common law regulate the health information of deceased persons.
How this affects your practice
The Privacy Commissioner's investigatory powers are greater, as are the penalties.
This applies where there is a serious interference with the privacy of an individual, or where the practice repeatedly does an act or engages in a practice that is an interference with the privacy of one or more individuals. An example of this would be disclosing sensitive information to a marketing organisation.
As always, be vigilant about how and what personal and sensitive information is released, and to whom. When in doubt, contact MIPS to discuss.
APP entities need to have an up-to-date and documented privacy policy
You must also have appropriate (documented) practices, policies and procedures in place. A copy of your privacy policy must be readily accessible to anyone requiring it (APP 1).
We suggest you review your current arrangements and create a written Privacy Policy, which must reflect your particular practice circumstances. Your Privacy Policy must be provided to anyone at their request.
It is also important to ensure your practice staff are trained and that your practice complies with your Privacy Policy.
Coverage from MIPS
In the usual course of matters, claims, investigations or proceedings relating to computer equipment or loss of computer data or hard copy medical records are excluded under the MIPS Members’ Medical Indemnity Insurance Policy. (Refer to the current MIPS Members’ Indemnity Insurance Policy for "What we do not insure".)
Other claims, investigations or proceedings arising out of a breach of privacy or confidentiality may be considered for assistance subject to becoming an accepted notification.
You must notify MIPS for an early discussion to clarify the issue and to mitigate potential ramifications.
Resources
The RACGP, other Colleges and the Federal Government have updated APP information available to members, which also includes templates for Privacy Policy documentation. Suggested sites include:
RACGP
Template for compliance with APPs
Compliance indicators for APPs
Office of the Australian Information Commissioner
Quick reference tool
Privacy fact sheet – Australian Privacy Principles (APPs)