13 july 2006susan joseph health privacy it’s my business health records act 2001 (vic) ereferral...
TRANSCRIPT
13 July 2006 Susan Joseph
Health PrivacyIt’s My
BusinessHealth Records Act
2001 (Vic)
eReferral Service Co-ordination System
13 July 2006 Susan Joseph
Privacy is …
Exercising some control over who knows what about us.
Privacy of the body
Privacy of the home
Freedom from surveillance
Freedom from eavesdropping
Information privacy
13 July 2006 Susan Joseph
Privacy protection is a balancing act:
Maximising the level of control that individuals have over their personal information
while ensuring that the right information is available to the right people at the right time in the right way to enable necessary operations and services.
13 July 2006 Susan Joseph
Privacy for Victorians
Privacy Act (Cth)
Health Records Act
(Vic)
Information Privacy Act
(Vic)
Covers …
•Federal government agencies, e.g. Centrelink
•Much of the private sector
Covers …
• All health related personal information held in public and private sectors
Covers …
• All personal info handled by State govt agencies and local govt
(other than health info)
13 July 2006 Susan Joseph
Key Elements
Health Privacy Principles (HPPs) - applicable to public and private sectors
Right of access to personal health information in the private sector
- Breen v Williams
13 July 2006 Susan Joseph
Three important aspects of Privacy:
1. Confidentiality2. Data protection3. Consumer choice
13 July 2006 Susan Joseph
Objects of the Act (s.6)
To ensure responsible handling of health information
To balance public interest in protecting privacy with public interest in legitimate use of information
To enhance ability of individuals to be informed about their health care
To promote provision of quality health services
13 July 2006 Susan Joseph
Who is covered by the Act?
Most organisations hold health information about individuals.The Act covers: health service providers; any other person/organisation that collects/handles personal health information. (e.g. schools, employers, churches)
13 July 2006 Susan Joseph
What is health information?
For health service providers it is all identifying personal information collected to provide a health service;
For non health service providers it is all identifying personal information about the health or disability of an individual.
13 July 2006 Susan Joseph
Personal information means:
Information or opinion about an individual whose identity is apparent, or can be reasonably ascertained
Does not have to be true Does not have to be recorded Includes that forming part of a
database
13 July 2006 Susan Joseph
Minors
No change to current common law situation: A minor is capable of giving informed
consent when they achieve sufficient understanding and intelligence to enable him or her to understand fully what is proposed
No set age, must be assessed on a case by case basis
13 July 2006 Susan Joseph
Deceased individuals
The Act applies in relation to the health information of a deceased individual who has been dead for 30 years or less in the same way it applies to the health information of a living person.
13 July 2006 Susan Joseph
Impact of other legislation
The Health Records Act does not override other legislation.
Existing provisions in other statutes governing the confidentiality, use and disclosure of health information and those that regulate access to certain kinds of personal information continue to apply.
13 July 2006 Susan Joseph
Health Privacy Principles
1. Collection2. Use & Disclosure3. Data Quality4. Data Security &
Retention5. Openness6. Access & Correcti
on7. Identifiers
8. Anonymity9. Trans border Data
Flows10.Transfer / closure of
practice of health service provider
11.Making information available to another health service provider
13 July 2006 Susan Joseph
HPP 1: Collection
Only collect health information necessary for the performance of your functions or activities
Generally need consent to collect health information (either express or implied)
Provide a ‘collection statement’ to notify those you collect from about what you do with the information and that they can gain access to it.
13 July 2006 Susan Joseph
HPP 2: Use & Disclosure
Only use or disclose health information for the primary purpose for which it was collected or a directly related secondary purpose the person would reasonably expect.
Other use/disclosure allowed in certain circumstances – includes with consent.
13 July 2006 Susan Joseph
HPP 3: Data Quality
Take reasonable steps to ensure the health information you hold is:
accurate, complete, and up-to-date relevant to the functions you perform
13 July 2006 Susan Joseph
HPP 4: Security & Retention
An organisation must take reasonable steps to protect the health information it holds from misuse, loss, unauthorised modification or disclosure.
Retention for public sector agencies is through the Public Records Act.
13 July 2006 Susan Joseph
Role of theHealth Services Commissioner
Education, sector-based training and information
Handling inquiries from consumers and providers about their rights and responsibilities
Making statutory guidelines under the Act (s.22)
Resolving complaints about interference with privacy
Monitoring compliance
13 July 2006 Susan Joseph
HSC Complaints Process
Many people make enquiries without lodging a formal complaint.
Approx 50% of telephone inquiries result in lodgement of a complaint.
Complaints must be received in writing. A person must have standing to make a
complaint. Consent is obtained from complainants to
send their complaint to the respondent.
13 July 2006 Susan Joseph
HSC Complaints Process (2)
Approx 90% of complaints are resolved informally.
Approx 10% of complaints go to conciliation.
If a complaint is not resolved through conciliation the complainant may request the complaint be referred to VCAT for hearing.
13 July 2006 Susan Joseph
Health Services Commissioner
Contact Details:Level 30 570 Bourke Street MelbourneTel: 03 8601 5222Toll free: 1800 136 066Website: www.health.vic.gov.au/hscEmail: [email protected]: (03) 8601 5219TTY: 1300 550 275DX: 210182