1. Procedure statement
The
Royal Children's Hospital (RCH) is committed to protecting the privacy of
patient and staff information. The hospital is required by law to protect
personal information and comply with the Health Records Act 2001 and other relevant legislation relating to
confidentiality and privacy. This Procedure outlines the management of personal
information at the RCH to satisfy the requirements of the legislation.
From
8th August 2020, a shared Electronic Medical Record (EMR) between RCH, the Royal
Melbourne Hospital, The Royal Women’s Hospital and Peter MacCallum Cancer
Centre (the Parkville Health Services) will allow the Parkville Health Services
to access a patient’s record if that patient has been treated at any of the
Parkville Health Services. Staff at each of the Parkville Health Services are
required to adhere to their health service’s policies and /procedures regarding
the collection, use, and disclosure of patient information, including this
procedure. Staff must only access records contained in the EMR as required as
part of their role (e.g. if involved in or supporting care and treatment of
that patient). Access to the EMR is audited regularly to monitor staff
compliance. The records may not be retained locally or deleted. They may not be
printed, disclosed, used, or amended for reasons other than patient care and
treatment and only in accordance with RCH policies and procedures.
2. Persons affected
All employees, contractors, honorary appointments, board members, studaents, observers and volunteers of the RCh and its Campus Partners, as well as membrs of the public and external organisations.
3. Definition of terms
Personal
information is information or opinion about an individual who
may be identified, directly or indirectly, by the material. It can be in any
medium including electronic or paper records, video or audio recordings,
clinical photography, x-rays, or labels on pathology samples. This definition
encompasses health information, including genetic information, as defined in
the Health Records Act 2001.
HPP
Health Privacy Principle
4. Responsibility
All
RCH staff, contractors, volunteers, and students are responsible for maintaining
privacy, confidentiality, and security of personal information. All staff are
obligated by laws to maintain the privacy of information. Disciplinary action
will be taken against staff if this Procedure has been compromised or
breached.
5. Criteria
HPP1 - Collection
The
RCH provides all patients with a copy of `The privacy of your personal
information' brochure which outlines key information about the RCH, information
handling practices and how a patient can access their information.
The
RCH only collects personal health information necessary to perform our
functions. Information will be collected by fair and lawful means, where
possible directly from the patient themselves.
Associated procedure: Personal
Information Collection.
HPP 2 - Use and Disclosure
In
general, information is only used and disclosed for the primary purpose for
which it was collected or a directly related secondary purpose. Generally, this
is for the purpose of providing care and treatment or purposes directly
related. We may use or disclose information for other purposes, which are
permitted under law. For example, to lessen or prevent a serious threat to
public health, welfare or safety. Individual patient consent is obtained for
use or disclosures for purposes that are not directly related to primary or
secondary purposes.
The
RCH normally transfers information to the local or referring doctor after a
patient is discharged or after an emergency or outpatient visit. In the event
that patients (or guardians) do not want this information to be transferred
mechanisms are in place to facilitate this request.
Information
that is de-identified, ensuring an individual's identity cannot be ascertained,
is not covered by the Health Records Act 2001 and may be used and disclosed
without consent.
Associated procedure: Personal
Information - Use and Disclosure .
HPP 3 - Data Quality
The
RCH takes reasonable steps to keep all current personal information it holds
up-to-date, accurate and complete. The RCH relies in most instances on the
patients and guardians to inform the hospital of any alterations to their
information.
HPP 4 - Data Security and Data Retention
All
reasonable measures are taken to protect personal health information within the
RCH from unauthorised access, improper use, disclosure, unlawful destruction, or
accidental loss. Our medical records and computer systems have controlled
access and only authorised staff members can gain access.
Information
that may be needed for future care of the individual or for public health
reasons will be kept securely for future retrieval.
Associated
procedures: Personal
Information - Security and Personal Information - Retention and Disposal.
HPP 5 - Openness
This
privacy procedure and the patient privacy brochure are available to anyone who
asks for further information on the RCH information handling practices.
The RCH has a complaints
process to address patient concerns relating to the care and handling of their
personal information
Consumer Experience
Liaison Officer - 9345 5676 or clo@rch.org.au.
HPP 6 - Access and Correction
Patients
are able to request access to their personal information held by the RCH, as
set out in the Freedom of Information Act 1982. In some circumstances access
may be refused and an explanation will be provided. Patients also have a right
to request an amendment to incorrect information.
HPP 7 - Identifiers
A
unique numeric identifier is allocated to each patient that attends the RCH to enable
ongoing care and treatment to be provided. Royal Children's Hospital uses a
seven-digit number.
HPP 8 - Anonymity
In
general, it is impracticable for the RCH to provide healthcare to individuals
anonymously.
Associated procedure: EMR - Privacy Functionality in the EMR.
HPP 9 - Transborder Data Flow
The
RCH will only transfer information outside Victoria in circumstances where the
information will have appropriate protection; where the transfer is necessary
for the provision of service to the individual; or where consent has been
obtained.
HPP 10 - Transfer or closure of the practice of a health service provider
In
the event the RCH or part thereof is sold, transferred, amalgamated or closed
down, health information will be handled in accordance with Health Privacy
Principle 10.
HPP 11 - Making information available to another health service provider
The
RCH will make health information relating to an individual available to another
health service provider if requested by the individual.
Associated procedures: Personal
Information - Access, Availability of Medical Records for Patient Care
and Personal
Information - Use and Disclosure.
6. Special provisions/reference documents (which may be referred to)