It’s time to get ‘back to basics’ to protect patient privacy

Dr Rob Hosking

3/05/2023 1:07:19 PM

Dr Rob Hosking revisits the fundamentals of managing health information in general practice, with the help of a new RACGP resource.

GPs are being asked to revisit the fundamentals of what it takes to protect privacy and manage health information.

General practice has a fundamental role to protect the privacy of patient health information.
It is an essential part of the doctor–patient relationship and the confidentiality surrounding this relationship, distinguishing us from other health professionals who practise in less private and confidential settings.
For that reason, GPs and our general practice teams need to be across and compliant with the current legislative framework for the management of health information.
As we know, general practice is subject to rigorous privacy obligations when handling health information. Currently, the maximum civil penalty for serious or repeated breaches of privacy is $2.22 million – a figure that will soon increase.
This staggering amount reflects the significant impact and damage that privacy breaches can cause.
In my experience, working to achieve best practice in privacy management provides everyone within the practice team with the necessary skills and knowledge required to manage health information safely.
It is not just a job to leave to the practice manager or practice owners. Rather, it is everyone’s responsibility – from junior receptionist, to practice nurse, GP and any other person working in the clinic.
Every year during Privacy Awareness Week (1–7 May), we should review our processes and policies to ensure these align with the rapidly evolving data environment and remain relevant to the needs of our practice and patients.
We have all seen the big data breaches from Medibank and Optus. But every day there are small practices having small data breaches that can also have huge impacts on patients and our businesses and reputations.
And, as we know, there are many legislative frameworks to comply with, such as the Privacy Act 1988 (the Act), various Health Records Acts and the Australian Privacy Principles (APPs). This legislation may also vary between states and territories.
To simplify and explain the legislation as relevant to general practice, the RACGP has updated its resources. Personally, I’ve found this guide exceptionally useful to support the development of even more robust and relevant privacy policies at my practice.
Managing Privacy and health information in general practice
The appropriate management of health information in general practice goes beyond just privacy considerations.

We must also consider areas such as:

  • patient consent
  • patient rights
  • management and security of medical records
  • information used in medical research.
The Act regulates how most personal information is managed. It includes all 13 APPs covering the management, collection, use, integrity, security, access to and correction of personal information. At my practice, our policies reflect these to make sure all areas are considered and addressed.
Renew your practice’s understanding of privacy
Privacy Awareness Week is an annual campaign led by the Office of the Australian Information Commissioner (OAIC) that highlights the importance of protecting personal information.
This year’s campaign is calling for us to go ‘back to basics’ and revisit the fundamentals of what it takes to protect privacy, which helps general practice build trust with our patients and other healthcare providers.
I support this campaign to promote the importance of strong privacy foundations and emphasise the fundamental role we as GPs play in safeguarding patient health information.
I encourage you to use Privacy Awareness Week as a reminder to review and update your practice’s privacy policies and processes. As mentioned, the RACGP has developed a suite of privacy resources to help you meet your obligations under legislation.
You can also access tips for building a strong foundation of privacy on the Privacy Awareness Week website.
We must be informed and align with privacy legislation to hold our patients’ information and trust in confidence. Now is the time to refresh our knowledge, practices and policies to protect the rights of our patients and the doctor–patient partnership.