Privacy policy – The Entrance Medical Centre

At the Entrance Medical Centre we work hard to ensure we keep your personal details private in line with The Australian Privacy Principles (APPs), which are contained in schedule 1 of the Privacy Act 1988. These principals amongst other items govern how health service providers must handle, use and manage personal information.

Privacy and caring for your patient The federal Privacy Act is consistent with good treatment practices and promotes appropriate information flows within the health sector by building on existing relationships of trust between health professionals and patients.

Primary purpose for collecting health information

The Privacy Act distinguishes between the main reason that information is collected for, called the ‘primary purpose’; and other purposes, called ‘secondary purposes’. The primary purpose or main reason for collecting health information will usually be narrow, such as to diagnose and treat a particular condition or set of symptoms. Working out the primary purpose of collection should be possible from the given situation when the information is collected, even though the provider may also have other, secondary reasons in mind. NPP 2 permits health information to be used or disclosed for the primary purpose for which it was collected, without seeking the patient’s consent. Importantly though, the Privacy Act does require that individuals are told how their information will be handled.

How is your information is used under the Privacy Act?

The Entrance Medical Centre works along side the Australian health system in a multi-disciplinary team approach to healthcare. This approach often calls for health information to be shared within a ‘treating team’, or on a ‘need to know basis’, so it is important that a patient understands how this may apply to their situation. If our patient’s information is likely to be shared within a treating team, our doctor will inform the patient that such disclosures may take place. Our doctor’s will tell the patient that maybe sensitive about certain information being shared without their consent even across a treatment team, or with particular members of it.

Generally speaking, under the Privacy Act, health service providers in the private sector may only use or disclose their patients’ health information for the main reason for which it was initially collected. This is called the ‘primary purpose’ of collection. The primary purpose should be interpreted narrowly, such as to diagnose and treat a particular condition or set of symptoms. However, the Privacy Act also offers exceptions to this general rule. One exception is where the patient consents to their information being used or disclosed for another purpose. Patient’s reasonable expectations Another exception allows the use or disclosure of health information for another purpose that is directly related to the primary purpose, where the patient would reasonably expect this to happen. In healthcare, directly related purposes are likely to include anything to do with the patient’s care or wellbeing. The patient’s reasonable expectations will then dictate whether the use or disclosure for that purpose should occur. Disclosures’ for directly related purposes will often arise where a team of practitioners need to share relevant information to provide healthcare. ‘Uses’ for directly related purposes may include where a provider uses their patient’s information to treat a number of conditions, without sharing the information.

How does this affect whether a provider needs a patient’s consent to use or share information?

Health service providers in the private sector don’t always need the patient’s consent to use or disclose their health information for another, directly related purpose – as long as the patient would reasonably expect the use or disclosure that the provider has in mind to provide care. A patient’s expectations can be effectively managed through good provider-patient communication. This usually means the patient has been told the use or disclosure would happen, or they would expect it to happen because of why they gave the information to the provider in the first place. If the patient would not reasonably expect the use or disclosure that the provider has in mind, then the provider will usually need to get the patient’s consent before proceeding. Other exceptions in the Privacy Act permit disclosure without consent in certain circumstances, such as to lessen a serious and imminent threat to life, health or safety, or where the disclosure is required or authorised by law.