
Are you privacy fit in your allied health practice?

Sometimes when we are caught up in the day-to-day running of our practice, we can forget to ensure we have followed the right legislative and ethical procedures – not for not wanting to, but just out of pure busy-ness. Don’t be one of those statistics – a practice owner too busy to get things in order. One of the essential things to get organised is how you go about privacy in your practice.

In 2014, Australia introduced the new Australian Privacy Principles (APPs), which govern how a business can collect information, store it and share it. They apply not only to the management of client data in our rooms, but also to the use and storage of employee data and information. If you are not familiar with the privacy principles, there are 13 in all, and the first principle applies to having open and transparent management of personal information.

What is personal information? When we look at the privacy principles, information can be classified into sensitive and personal information.

SENSITIVE information: information or an opinion on a person's race, ethnicity, origin, political opinion, professional trade, religion, as well as health information (where 'health information' includes information collected to provide, or in providing, a health service).

PERSONAL information: information or an opinion forming part of a database (e.g. name, address, DOB, NOK). Includes bank details, photos, credit card information. You need to ask yourself “could someone find out to whom the information refers? Could a person identify the individual from the information?” If yes, then it is personal information.

When we look at the first privacy principle, we need to ensure we have open and transparent management of personal information. Essential to this is an up-to-date policy that describes how you and your practice will manage personal information. The things you need to consider including in your privacy policy are:

  • The kinds of personal information you will collect and keep
  • How it will be collected
  • How it will be held
  • The purposes for which it is used and disclosed to others
  • How individuals may access the information
  • How individuals may complain about a breach of the privacy principles
  • Whether you are likely to disclose information to overseas recipients and if so, which countries

You need to make sure the policy is available to clients should they wish to look at it, and you should provide the policy to them free of charge. How you do this is not defined, so it may be electronic or written. If you have administration staff and other therapy staff, it is important that they know where to find it, and know what’s in it.

This is important for two reasons. Firstly, if they are not aware of what it contains it is harder for them to understand what their obligations are. Staff training is extremely important to preventing a breach of privacy in your practice. Secondly, it is important people know the whereabouts of the policy so they can locate it easily when a client requests to read it. You may also choose to have a copy of it on your website for people to read as they wish.

If you do not have a privacy policy, start writing one now! If you have one, but have not looked at it for a while, block some time into your diary to have a review of what you have already in place. Auditing your practice is a great step to ensure you are being privacy fit, and ticking off the privacy policy is the first thing on the audit.

If you are having difficulty knowing where to start, we can help - we have helped lots of other allied health providers get started on their policies, and also have stocked our shop with some resources! Click here to check it out.

Last modified on Monday, 24 April 2017 14:36