Health Information Privacy Policy

Sumner Health Centre Health Information Privacy Policy

 

Reviewed: 04/10/2016, 24/01/2019, 27/03/2020, 06/09/2023

 

Purpose:

To ensure that clients can be confident that their health information is collected appropriately and that the privacy of that information is jealously guarded.

To comply fully with the Health Information Privacy Code 2020.

 

Responsible Staff:

Implementation: Privacy Officer

Action: All Staff

Audit: Privacy Officer

 

Audit:

Code | Cycle (months) | Criterion | Standard
A1.3-1 | 12 | The role of Privacy Officer is filled by a current member of staff | Yes
A1.3-2 | 12 | The copy of the Health Information Privacy Code on file is the latest available version | Yes
A1.3-3 | 12 | All staff have been notified of changes to the Health Information Privacy Code or this policy | 100%
A1.3-4 | 36 | Paper records held for patients with whom there has been no contact for at least 10 years have been assessed and considered for destruction | 70%
A1.3-5 | 36 | All requests for copies of notes have been processed within 5 working days (sample of last 10 requests) | 90%
A1.3-6 | 36 | All requests for copies of notes have been processed within 20 working days (sample of last 10 requests) (legal minimum standard) | 100%

 

Training Resources:

 

Health Information Privacy Code 2020

Privacy Commission Online Training Modules

 

Linked Policies:

Complaints Policy

 

Policy:

This policy is not intended to re-write or re-interpret the Health Information Privacy Code, which is attached and forms an integral part of this policy. Rather, it sets out the specific measures we will take to ensure that our obligations are fulfilled.

Our Obligations.

We must:

  • Only collect information that is necessary to allow us to fulfil our function.

  • Wherever possible, collect information only from the person to whom the information refers. There are exceptions – refer to The Code.

  • Inform clients about the uses to which their information is to be put.

  • Be fair in our collection of information, especially where that information is collected for purposes other than the direct benefit of the client. Clients must not be coerced into agreeing to part with information.

  • Store information securely.

  • Provide clients with access to their own records, free of charge.

  • Ensure the information we hold is correct and that errors notified to us are corrected.

  • Ensure that information we use or share about clients is accurate, up to date, complete, relevant and is not misleading.

  • Store information only for as long as it is required.

  • Use information gathered only for the purpose for which it was originally collected. There are exceptions – refer to The Code.

  • Not disclose information except where the disclosure is authorised by the person to whom it refers. There are exceptions – refer to The Code.

  • Not assign unique identifiers to clients or their records except where necessary.

 

Collection of Information

 

We will only collect information that is required for the purpose of patient care, monitoring quality, research or for administrative purposes.

Generally, information should be collected from the individual concerned. In the case of information given by or sought from third parties, the third parties must be made aware that the source of the information and the information itself cannot legally be withheld from the client. Where specific circumstances make it difficult to comply with this policy, Rule 2 of the Health Information Privacy Code 1994 shall apply.

Where a competent client has asked that information should not be collected, then their wishes must be respected. If the clinician feels that this would compromise the client's care, the clinician should consider referring the client to another clinician who may feel more comfortable managing the client without the information.

A Patient Information Resource, detailing the uses to which clients' information is put, is available and published on our website.

 

Storage of Information

 

Health information shall be stored for a minimum of 10 years after the last contact with a patient.

Where information has been scanned, received or generated electronically, it shall be stored for at least 10 years after the death of a client is notified to us, or otherwise indefinitely.

Where information is retained in paper form AND the client has not been in contact for a period of 10 years or more, any paper records should be destroyed in accordance with the Destruction of Information section of this policy.

Where information has been converted from paper into electronic form, original paper copies shall be retained only for as long as is necessary for immediate patient care.

In order to identify client records within our Practice Management System, each client shall be assigned a unique client record number. This may be used to identify the record in searches, on invoices and for the purposes of receiving payments to the correct account. The number shall be assigned serially. No member of staff shall choose a client identification number manually.

It is acceptable for clients who identify themselves as a family group and share an address to be given linked record numbers, provided that the first number assigned was not specifically chosen but was assigned automatically by the PMS.

 

Destruction of Information

 

Where information is to be destroyed, the Privacy Officer and at least one clinician must agree that the destruction of the information is appropriate and will not prejudice the care of the client.

Paper records should be destroyed by a secure paper destruction service external to the practice or by complete destruction by fire.

Electronic records should be destroyed by physical destruction of the storage medium on which they are contained, except where this would result in the loss of records needed for other patients; in that case an accredited information security company should be contracted to delete the data permanently and securely.

Note that it is not appropriate simply to delete or wipe a storage medium. The physical medium holding the information must be destroyed in such a manner as to make information retrieval impossible, even by forensic means.

Such means include drilling or shredding of hard disk drives that may contain clinical information. As drilling prevents access to information by anyone without nation-state-level facilities, it is considered an adequate means of destruction of physical media at present.

The Privacy Officer shall be responsible for overseeing or delegating the destruction of information.

 

Sharing Information

 

Clinical staff are expected to share information freely for the purposes of improving the care of clients. Care should be taken not to share information for other purposes where express consent from the client has not been obtained.

Where information is used for discussion purposes that do not benefit the client directly (or where the primary purpose of the discussion is not the benefit of the client) all identifying information must be removed. Examples include case presentations, peer group and Balint group meetings.

Where information is to be used for a purpose that does not benefit the client, the client's consent must be obtained for that use, even if the information is rendered non-identifiable.

Where information is to be shared, clients should be made aware of the parties with whom the information is to be shared, including their contact details.

Where possible, referral letters should be constructed in the presence of the relevant client; otherwise the client should be offered a copy of their referral letter.

In the event that the author of the referral letter feels that revealing the information to the client would be harmful to the client, this should be very clearly marked in the notes along with comprehensive reasons.

Client records are shared between clinicians within the health centre. Preventing this sharing is impracticable and may be dangerous. Where clients express a desire to have their information restricted to one clinician, they should be informed that this is not possible; they should be advised to seek a solo practice nearby where their needs may be more reliably accommodated.

 

Information Security

 

All paper records except those in immediate use shall be stored in a locked or otherwise inaccessible location.

  • Once scanned, bulk records are to be stored securely until their clinical utility has passed (usually after summarising) and then destroyed in accordance with this policy.

  • Staff must not remove identifiable patient information from the premises.

 

All computer information shall require a password for access.

 

  • All computer workstations shall be secured with a screen-saver, activated within 10 minutes of inactivity and requiring a password for access.

  • All passwords for patient data access shall be at least 5 characters in length and should include at least one non-alphabetic character.

  • Staff must not share passwords with others.

 

Electronic information shall be backed up daily to a remote site, with approved security.

 

Particular care is required for email and facsimile communication as these are a common source of privacy breaches.

Staff should be aware that email is not a secure method of communication and that emails may be held indefinitely on insecure servers. 

This includes apparently internal emails with @pegasus.net.nz domains as these may be forwarded to less secure email services.

 

  • Email should not be used for confidential information transmission from the surgery.

  • Emails containing such information MUST NOT be replied to or forwarded with any of the confidential content still in place.

  • Where organisations initiate contact by email they should be informed that this method of communication is not considered acceptable.

  • It is recognised that email communication is becoming more ubiquitous, which makes this difficult. Current guidance conflicts with this policy. Many organisations no longer possess effective ways to manage information arriving by post. In such cases judgement will need to be exercised as to the relative risks and benefits of each episode of communication.

 

In general, if a client requests information by email then fair consideration should be given to granting the request, taking into account the nature and sensitivity of the particular information being sent.

In any case, clients should be made aware before transmission of the information that it is not being sent by secure means and such consent should be documented in the clinical notes.

Facsimile communication requires similar effort to ensure that the receiving number is the intended number. Recommended methods include clear lists of numbers and the use of pre-stored options for facsimile transmission.

 

Patient Information Requests

 

Where a client requests access to their medical records, the request should be approved by the clinician most closely involved with the client's care. If this would cause unreasonable delay the Clinical Director should review the case notes.

Generally, requests should be processed within 5 working days although in exceptional circumstances up to 20 working days are permitted by law.

Information should only be withheld in exceptional circumstances. Where a clinician feels that information should not be revealed to the client, this should be discussed with the Privacy Officer, the Clinical Director and possibly the practice legal advisor.

If it is felt that the information should be presented to the client personally (such as in the case of very sensitive, or possibly harmful information) then an appropriate length consultation should be arranged for the client to discuss the records with a clinician. Except in the case of discussion of recent test results, this should be offered free of charge.

Clients who request their notes should be informed of their right to have any errors corrected.

Client notes access requests, other than simple test result requests, should be recorded in the clinical notes using the screening entity NOTES (notes access request) as this aids audit.

 

Correction of Errors

 

Where a request for a correction is made by a client, the Privacy Officer should refer the matter to the person responsible for the original entry for consideration and appropriate action in the first instance, or to the Clinical Director if the original author is not readily available.

Clients should be informed of the outcome of any request to consider correction, including being offered a copy of any corrected notes. Even if a correction is not made, the fact of the request being made should be recorded.

 

Complaints

 

Complaints under the Privacy Code shall be dealt with by the Complaints Officer, in accordance with the Complaints Policy.

 

Change record:

 

06/06/2014

 

Changed person responsible for audit from Practice Manager (deprecated role) to Privacy Officer.

Added requirement for physical destruction of storage media

Modified audit code numbers.

Minor alteration to grammar and clause sequencing not affecting meaning.

 

04/10/2016

Reviewed and considered in particular that the statement on email remains appropriate.

Added comment about @pegasus.net.nz domains not always being secure.

 

24/01/2019

Reviewed and considered in particular that the statement on email remains appropriate.

Minor wording changes to improve readability. Meaning of content unchanged.

 

27/03/2020

Reviewed and updated training links

Added drilling as a permitted method for HDD destruction.

Updated statement on email to include need for judgement in the light of difficulties with MOH advice

 

06/09/2023

Updated to refer to 2020 code
