The Act includes 10 National Privacy Principles (NPPs), which set the minimum standards for privacy in the private health sector. The NPPs cover the whole information “lifecycle” – including collection, storage and maintenance, and use and disclosure of health information. A summary of the NPP requirements is as follows:

• The collection of the third party’s information into a patient’s social, family or medical history is necessary for the health provider to provide a health service directly to the consumer; and

• The 3^rd party’s information is relevant to the family, social or medical history of that patient.

* Implied Consent: Generally, providers may only collect health information about a patient if they consent. Where a provider collects the information directly from the patient during a consultation, usually it will be reasonable to consider that consent is implied - as long as it is clear to the patient what information is being recorded and why.

With the uptake of new technologies, it is important that an effective, health specific, privacy framework is in place. The National Health Privacy Working Group (a sub group of the Australian Health Minister’s Advisory Council) was established to develop a framework – the National Health Privacy Code, which aims to:

• Safeguard the health privacy & dignity of all individuals;

• Achieve national consistency in health privacy protection – across jurisdictions and between the public and private sectors; and

• Take into account changes in the way personal health information is handled as a result of technological change.

For a copy of the Code visit http://www.health.gov.au/pubs/nhpcode.htm 

• Advise patients about why their information is being collected – This should occur at the time of collecting the health information, either verbally, or in a written format such as a brochure. Often, the advice can be given during usual communications between patient and doctor.

• Access – Patients have a general right of access to their own health records. Access can occur in a number of different ways. A patient may:

  • Look at the information and talk through the contents with their provider;

  • Obtain a copy of the information or take notes about the content;

  • Listen to an audio recording or watch a video recording; or

  • Obtain a print-out or get an electronic copy of information stored on a computer system or database

The four page document is aimed at consumers and contains information about the 10 National Privacy Principles; who is covered by the principles, and what the basic requirements are in relation to consent, collection, use & disclosure and access & correction. Information on where to go for assistance if they feel their privacy has been breached is also included.

This Handbook is available for purchase from the RACGP, for download via the website.

The Handbook looks at “best practice” approaches to the management of health information and will be reviewed in accordance with legislative requirements as necessary. An appendix lists the minimum procedures that practices should establish. Additional procedures are also included. Sections include:

The Handbook was developed by the Royal Australian College of General Practitioners in collaboration with the Committee of Presidents of Medical Colleges and the General Practice Computing Group. A number of organisations including the Australian Medical Association (AMA) and the Australian Divisions of General Practice (ADGP) commented on drafts of the Handbook.