Health Privacy Its My Business

1
Health Privacy Its My Business

• Health Records Act 2001 (Vic)
• eReferral Service
• Co-ordination System

2
(No Transcript)
3
Privacy is

• Exercising some control over who knows what about
  us.
• Privacy of the body
• Privacy of the home
• Freedom from surveillance
• Freedom from eavesdropping
• Information privacy

4
Privacy protection is a balancing act
Maximising the level of control that individuals
have over their personal information
while ensuring that the right information is
available to the right people at the right time
in the right way to enable necessary operations
and services.
5
Privacy for Victorians

Health Records Act (Vic)
Information Privacy Act (Vic)
Privacy Act (Cth)

• Covers
• All health related personal information held in
  public and private sectors

• Covers
• Federal government agencies, e.g. Centrelink
• Much of the private sector

• Covers
• All personal info handled by State govt agencies
  and local govt
• (other than health info)

6
Key Elements

• Health Privacy Principles (HPPs)
• - applicable to public and private sectors
• Right of access to personal health information in
  the private sector
• - Breen v Williams

7
Three important aspects of Privacy

• Confidentiality
• Data protection
• Consumer choice

8
Objects of the Act (s.6)

• To ensure responsible handling of health
  information
• To balance public interest in protecting privacy
  with public interest in legitimate use of
  information
• To enhance ability of individuals to be informed
  about their health care
• To promote provision of quality health services

9
Who is covered by the Act?

• Most organisations hold health information about
  individuals.
• The Act covers
• health service providers
• any other person/organisation that
  collects/handles personal health information.
  (e.g. schools, employers, churches)

10
(No Transcript)
11
What is health information?

• For health service providers it is all
  identifying personal information collected to
  provide a health service
• For non health service providers it is all
  identifying personal information about the health
  or disability of an individual.

12
Personal information means

• Information or opinion about an individual whose
  identity is apparent, or can be reasonably
  ascertained
• Does not have to be true
• Does not have to be recorded
• Includes that forming part of a database

13
Minors

• No change to current common law situation
• A minor is capable of giving informed consent
  when they achieve sufficient understanding and
  intelligence to enable him or her to understand
  fully what is proposed
• No set age, must be assessed on a case by case
  basis

14
Deceased individuals

• The Act applies in relation to the health
  information of a deceased individual who has been
  dead for 30 years or less in the same way it
  applies to the health information of a living
  person.

15
Impact of other legislation

• The Health Records Act does not override other
  legislation.
• Existing provisions in other statutes governing
  the confidentiality, use and disclosure of health
  information and those that regulate access to
  certain kinds of personal information continue to
  apply.

16
Health Privacy Principles

• Collection
• Use Disclosure
• Data Quality
• Data Security Retention
• 5. Openness
• Access Correction
• Identifiers

• Anonymity
• Trans border Data Flows
• Transfer / closure of practice of health service
  provider
• Making information available to another health
  service provider

17
HPP 1 Collection

• Only collect health information necessary for the
  performance of your functions or activities
• Generally need consent to collect health
  information (either express or implied)
• Provide a collection statement to notify those
  you collect from about what you do with the
  information and that they can gain access to it.

18
HPP 2 Use Disclosure

• Only use or disclose health information for the
  primary purpose for which it was collected or a
  directly related secondary purpose the person
  would reasonably expect.
• Other use/disclosure allowed in certain
  circumstances includes with consent.

19
HPP 3 Data Quality

• Take reasonable steps to ensure the health
  information you hold is
• accurate, complete, and up-to-date
• relevant to the functions you perform

20
HPP 4 Security Retention

• An organisation must take reasonable steps to
  protect the health information it holds from
  misuse, loss, unauthorised modification or
  disclosure.
• Retention for public sector agencies is through
  the Public Records Act.

21
HPP 5 Openness

• Organisations must have a document with clearly
  expressed policies on
• how they manage the health information they hold
  and
• the steps an individual may take to obtain access
  to health information about them held by the
  organisation

22
HPP 6 Access Correction

• Individuals have a right to seek access to heath
  information about them held in the private
  sector.
• They also have a right to correct it if it is
  inaccurate, incomplete, misleading or not
  up-to-date.
• The FOI Act continues to give individuals a right
  of access to health information about themselves
  held by public sector organisations.

23
HPP 7 Identifiers

• Only assign a number to identify a person if it
  is reasonably necessary to carry out your
  functions efficiently.
• The use of public sector identifiers by the
  private sector is limited, e.g. an organisation
  should not file records using the Medicare
  number.

24
HPP 8 Anonymity

• Give individuals the option of entering
  transactions with you anonymously, wherever this
  is lawful and practicable.

25
HPP 9Transborder Data Flows

• Only transfer health information outside Victoria
  with consent or if the organisation receiving it
  is subject to laws which are substantially
  similar to the HPPs.
• Other exceptions may also apply.

26
Role of theHealth Services Commissioner

• Education, sector-based training and information
• Handling inquiries from consumers and providers
  about their rights and responsibilities
• Making statutory guidelines under the Act (s.22)
• Resolving complaints about interference with
  privacy
• Monitoring compliance

27
HSC Complaints Process

• Many people make enquiries without lodging a
  formal complaint.
• Approx 50 of telephone inquiries result in
  lodgement of a complaint.
• Complaints must be received in writing.
• A person must have standing to make a complaint.
• Consent is obtained from complainants to send
  their complaint to the respondent.

28
HSC Complaints Process (2)

• Approx 90 of complaints are resolved informally.
• Approx 10 of complaints go to conciliation.
• If a complaint is not resolved through
  conciliation the complainant may request the
  complaint be referred to VCAT for hearing.

29
(No Transcript)
30
Health Services Commissioner

• Contact Details
• Level 30 570 Bourke Street Melbourne
• Tel 03 8601 5222
• Toll free 1800 136 066
• Website www.health.vic.gov.au/hsc
• Email hra_at_dhs.vic.gov.au
• Fax (03) 8601 5219
• TTY 1300 550 275
• DX 210182