Written by 

5 simple privacy tips for your allied health practice

In November we will be hosting our 3rd Healthy Practice event in Brisbane and one of the topics will be looking at your Privacy obligations as an allied health practitioner, and how you can ensure you maintain privacy standards in your practice. This is a topic I get asked alot about, and today I thought I would share some of the commonly underestimated areas of risk where breach of privacy can occur in our allied health practices.

 1. Hardware - by this I mean your laptop, tablet, smart phone or desk computer. These days we receive and send emails, download files and access cloud based databases on all types of devices. When you go to retire a device because you are upgrading, it is important to consider any client personal or sensitive information that may remain on that device. I always ensure I have my I.T guys properly strip all data from any device that will no longer be in use. That way, if it is somehow used again there is no risk of access to any information about your clients. It is also important to think of this before gifting a device to someone in your family - e.g. if you give an old iPad to one of your kids as you are getting a new one.

2. Discussing clients - it is important to be mindful of who you disclose client information to, as things can sometimes get blurred. Here are some examples: Firstly, the communication between therapist and practice staff (practice manager or reception staff) - be mindful that the client may not be aware that details of their treatment could be made available to other individuals within the practice. There has been a case where a complaint was made to the Privacy Commissioner by a client who felt their right to privacy had been breached from the treatment information shared with other staff. This could also apply when referring clients to other health services - make sure your consent form clearly indicates the type of information that may be shared, and, if you have obtained verbal consent only, ensure you have documented this. Secondly, it's always important to review the types of information available within earshot in the practice setting. Can other clients waiting hear phone conversations about other clients and their treatment? Finally, did you know under privacy law, you are not allowed to provide client details to a debt collection agency unless you have specifically worded your consent form to indicate this may be the case if accounts are in arrears?

3. Fax & Email - the big question! Is it okay to fax client information? Is it okay to email client information? The answer is YES to both, HOWEVER under the Privacy Act you must take reasonable steps to ensure the information is secure when transmitted. It is also important to sit down and assess the level of risk with each communication method and mitigate this risk by implementing privacy strategies in your practice. It is also important to check if your client consent form advises the client that information may be transmitted by these methods.

4. Telephone messages - quite simply, never leave a telephone message regarding a client's treatment. Simply advise you have phoned and request they phone you back.

5. Children's records - if you work with paediatric clients, you will no doubt already have in place policies and procedures regarding the release of client information. For example, who can receive reports about the client - one parent? Both parents? School or Pre-school? It is valuable to have a seperate consent form for younger clients that specifies this type of consent. When treating teenagers, consider asking their verbal consent to release information too - a simple "are you happy if I let your ... know where we are up to with your treatment"?

These are some simple areas that you can review in your own practice or service. Next week I will share with you a great resource to complete a privacy audit in your practice.

Read 1503 times Last modified on Tuesday, 20 September 2016 11:53