In this section
Royal Children's Hospital (RCH) upholds strict confidentiality of
personal information for the benefit of patients and staff. Confidentiality of
personal information provides a secure environment for the provision of quality
care and service for patients.
All employees, contractors, honorary appointments, board members, students, observers, and volunteers of the RCH.
is the right of an individual to not have personally identifiable information
disclosed to others without that individual's express informed consent.
Record is a manual or electronic record containing a patient’s health and
personal information, status, and treatment.
IBA WebPAS is the hospitals’ patient administration system.
is the electronic medical record system that was implemented at RCH in
who come into contact with or have access to patient /staff / other information have a responsibility to maintain the confidentiality of that information.
are responsible for taking appropriate action where confidentiality has been or may be breached.
8th August 2020, a shared Electronic Medical Record (EMR) between RCH, the
Royal Melbourne Hospital, The Royal Women’s Hospital and Peter MacCallum Cancer
Centre (the Parkville Health Services) allows the Parkville Health Services
to access a patient’s record if that patient has been treated at any of the
Parkville Health Services. Staff at each of the Parkville Health Services are
required to adhere to their health service’s policies and /procedures regarding
the collection, use, and disclosure of patient information, including this
procedure. Staff must only access records contained in the EMR as required as
part of their role (e.g. if involved in or supporting care and treatment of
that patient). Access to the EMR is audited regularly to monitor staff
compliance. The records may not be retained locally or deleted. They may not be
printed, disclosed, used, or amended for reasons other than patient care and
treatment and only in accordance with RCH policies and procedures.
The legal obligation of the hospital and its staff to maintain patient privacy/confidentiality is detailed in:
The legal obligation to maintain privacy/confidentiality applies to the collection, use and disclosure of personal information.
staff must not use or disclose information of a personal nature, except to the
extent that it is required, authorised or permitted under law.
Privacy Principle 1 under the Health Records Act 2001 requires that health
services before, at or near, the time of collection, notify the individual of
certain details including the organisation's contact details, the purpose of
collection, the individual's right to access health information, and the usual
patients should be provided with the "Privacy of your Personal
Information" brochure on presentation to the hospital. In accordance
with the requirements of the Health Records Act, this brochure:
a patient chooses not to disclose certain information, the patient's consent to
the use of their health information as outlined in the brochure is implied and
further written consent is not required. This arrangement is known as an
"opt out" arrangement.
a patient chooses not to consent to the disclosure of information to their GP
hospital staff need to ensure the consent for info release flag is set
correctly on IBA. Patients can change their mind at any time.
Under section 141 of the Health Services Act 1988, staff must not disclose identifying information about a patient, unless that information is:
If you are unsure whether your situation is covered, or if you have any queries, you should speak with your manager, RCH Privacy Officer or Legal Services before giving out any information.
information is given "in confidence" to the RCH about a patient
by a person other than the patient (that is a request that it not be
communicated to the patient to whom it relates) staff must:
access information if it is relevant to your work.
not divulge, copy, release, sell, loan, review, alter or destroy any personal
information unless it is part of your job. If it is part of your job to do any
of these tasks, staff are to follow the correct RCH procedure (such as putting
confidential papers in appropriate security bins).
information must be protected. All staff need to be mindful of where they carry
out discussion of patient care. Conversations regarding patients must not be
conducted in the presence of, or be heard by, unauthorised persons.
and staff information (e.g. addresses or diagnosis) must never be discussed
with friends or relatives without the appropriate consent.
information should only be discussed between -clinical staff involved in the
care and treatment of the patient.
of information may be breached when communicating personal information. Staff
should be aware of and follow the RCH procedure when using the fax or phone to
communicate personal information. Refer to procedure: Personal
Information - Security .
should be aware of situations involving young persons, whereby the patient may
not want information or details of their condition relayed to their parent/guardian.
personal information for patients and staff is protected according to the RCH
procedure. In certain circumstances patients or staff may request additional measures
to protect their personal information. Refer to procedure: EMR - Privacy Functionality in the EMR.
in this procedure shall prevent an employee from supplying appropriate personal information to the Union/Professional Body in relation to probable, threatened
or actual grievance or industrial dispute.
highest standards of confidentiality are expected within the RCH. Any
violations of the confidentiality procedure will be addressed through the
Department Manager, Human Resources and the Privacy Officer and could result in
termination of employment.
of “breaches of confidentiality" include: