Introduction

Macquarie University Hospital (MUH) is committed to protecting patients’ privacy. MUH complies with   all the applicable NSW and Commonwealth legislation and is bound by the Commonwealth National Privacy Principles (NPP) relating to confidentiality and privacy regarding information relating to patients’ health and other personal details.

1. Definitions

Personal Information- means information or an opinion, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.

Sensitive Information- is a subset or personal information. It means information or an opinion about an individual’s racial or ethnic origin, political opinions, religious beliefs or affiliations; philosophical beliefs, sexual preferences or practices and criminal record or health information about an individual.

Health Information- is one kind of sensitive information and includes information or an opinion:

  • About an individual’s health or disability at any time (that is past, present or future)
  • About an individual’s expressed wishes regarding future health services
  • Collected while providing a health service
  • Collected in connection with donation or intended donation of body parts and substances
  • About health services provided, or to be provided, to the individual.

This means that personal details related to the patient’s attendance (e.g. name, address, Medicare Number, billing information, admission/discharge dates), medical information, notes made by  health care personnel, identifiable biological specimens or samples, or genetic information all constitute “health information”.

2. Purpose

This policy explains how Macquarie University Hospital manages the personal and health information of patients. It also describes the types of information that is collected, held, used and disclosed.

3. Policy

Macquarie University Hospital is committed to the right to privacy and the protection of personal and health information in accordance with both the Commonwealth and State Privacy laws.

4. Procedure

Collection of Information

According to the NPPs the Hospital must:

  • Only collect health information necessary for its functions or activities
  • Use fair and lawful  ways, that are not unreasonably intrusive, to collect health information
  • Collect health information directly from an individual if it is reasonably practicable to do so ( there is an exception where it is necessary to obtain an
  • individual’s family, social or medical history, which may contain information relating to other persons)
  • Take reasonable steps, at the time of collecting health information or as soon as practicable afterwards, to make an individual aware of why the information is being collected, who it may be disclosed to, how it can be accessed etc.
  • Take reasonable steps to ensure the individual is aware of the above points even if the information is collected from someone else
  • Only collect health information with the express or implied consent of the individual concerned, unless collection is required by law or it is necessary to prevent a serious threat to the life or health of another person.

4.1 Information Privacy Policy

Macquarie University Hospital provides patients, on request with its ‘Information Privacy Policy’, which outlines what personal information is held by the hospital and how it is used, stored, accessed or corrected.    

Why does MUH collect personal information?

If an individual is to receive or has received care or a service from Macquarie University Hospital, Macquarie University Hospital will collect and hold their personal information to:

  • Gain an understanding of the individual’s needs so we may provide them with the required service  and advice
  • The patients past medical history helps MUH identify which treatments are likely to be safe and effective for the patient and reduces the likelihood of repeating tests that they have had in the past
  • Contact the individual to provide advice or information in relation to the way in which the service will be or has been provided
  • Improve the quality of MUH services
  • Administer and manage those services including charging, billing and collecting debts
  • Where required by law.

What personal information does Macquarie University Hospital collect and hold?

The information collected may include an individual’s:

  • Name
  • Date of birth
  • Occupation
  • Address (postal and email)
  • Telephone numbers
  • Medicare, health fund and health insurance cover details
  • Medical history, test results and other health information
  • Other information necessary for MUH functions and activities
  • Person to contact in the case of emergency.

New information is added to the patient’s record every time they attend or have contact with MUH.

How is the personal information collected?

Macquarie University Hospital will, if reasonable and practicable to do so, collect personal and health information directly from the patient concerned. This may take place when the patient completes documentation such as an admission form or another administrative form or when the patient gives MUH personal or health information in person or over the phone.

Macquarie University Hospital may collect personal and health information from third parties such as;

  • A  patient’s representatives (e.g. authorised representative or legal adviser)
  • A  patient’s health service provider
  • A health professional who has treated the patient
  • The  patient’s family
  • Other sources where necessary to provide a health service

Disclosing personal information

Macquarie University Hospital may disclose personal information for the purposes of:

  • Continuity of care with other health service providers involved in the patient’s treatment or diagnostic services
  • Providing a patient with further information about treatment options
  • Conveying information to a responsible person (e.g. parent, guardian, spouse) when the patient is incapable or cannot communicate, unless the patient has requested otherwise
  • Conveying information to close family members in accordance with the recognised customs of medical practice
  • Management, funding, service-monitoring, planning, evaluation and complaint handling
  • Quality assurance or clinical audit activities
  • Health insurance funding
  • Billing and debt recovery
  • Addressing liability indemnity arrangements including reporting to the hospital’s insurers and legal representatives
  • Preparing the defence for anticipates or existing legal proceeding
  • Research or compilation or analysis of statistics relevant to public health and safety
  • Activities directly related to the provision of health services to a patient where the patient would reasonably expect disclosure 

Macquarie University Hospital will only provide personal and health information for the purposes of marketing and promotional activities with the patient’s consent.

Access to and correction of information

Medical records are the property of Macquarie University Hospital Operations No2 Limited; however patients have a right to access them subject to some exceptions allowed by law.

Patients can contact the Medical record Department, Macquarie University Hospital to request access. A fee may be charged for collating and providing access to personal and health information.

Trans border data flows

The hospital may only transfer a person’s health information overseas when

  • The patient has given consent
  • The transfer is necessary for the fulfilment of a contract between the patient and the Hospital
  • The transfer is for the benefit of the patient but it is impracticable to obtain consent
  • It is believed that the information will be protected by a privacy scheme or legal provision comparable to that which exists in this country

Identifiers

In certain circumstances MUH is required, to collect government identifiers such as Medicare, pension, or Veteran’s Affairs numbers. This information will only be used or disclosed in accordance with the law.

Storing personal information

Macquarie University Hospital stores personal and health information electronically and in paper form. The security of personal and health information is important to Macquarie University Hospital and reasonable steps are taken to protect it from misuse or loss and from unauthorised access, modification or disclosure.

This is achieved by:

  • Requiring  MUH staff to maintain confidentiality
  • Implementing document storage security
  • Imposing security measures for access to MUH computers
  • Only allowing access to personal and health information where the individual seeking access has satisfied our
  • Providing a discrete environment for confidential discussions and treatment

Personal and health information is retained for the period of time determined by law and disposed of in a secure manner.

Keeping personal information accurate and up-to-date 

Macquarie University Hospital takes all reasonable steps to ensure that the personal and health information it collects uses and discloses is accurate, complete and up-to-date. However, the accuracy of that information depends largely on the quality of the information provided to the hospital. It is therefore suggested that patients:

  • Let Macquarie University Hospital know if there are any errors in their personal or health information, and
  • Keep Macquarie University Hospital  up-to-date with changes to their personal information (e.g. name ,address and contact details)

Complaints

Complaints  by patients who believe that the hospital has breached their privacy in any way or wish to discuss any issues about Macquarie University Hospital’s privacy policy , should contact the Director of Clinical Services or the Chief Executive Officer of the hospital who ill try to satisfy any questions and correct any errors on Macquarie University Hospital’s part.

If the Director of Clinical Services or Chief Executive Officer is not able to satisfactorily answer an individual’s concerns, the individual has a right to make a complaint to the Privacy Commissioner on telephone number  02 8688.8585 or in writing to:

Office of The Privacy Commissioner
Locked Bag 5111
Parramatta NSW 2124

5. References

Health Records and Information Privacy Act 2002 (NSW),
Privacy Act 1988 (C’lth)
Privacy Commissioner Website: www.privacy.gov.au

6. Related Documents

MUH Privacy and Health Information Policy Brochure for patients

7. Keywords

Privacy, Personal Information, Health Information