Part of Central Highlands Healthcare
Lot 1 Pilot Farm Road, Emerald07 4986 7400

Our Policies

Patient Rights Policy

Interpreter Services Policy

Information Security Policies and Procedures Policy

Accreditation and Continuous Quality Improvement

Security and Privacy of Records Policy

Transfer of Health Records Policy

Patient Rights Policy

Due to the nature of general practice, GPs, clinical staff and administrative staff need to provide respectful care to patients that promote their dignity, privacy and safety.

Specifically, all staff need to:

  • have interpersonal and communication skills
  • provide a high level of customer service
  • be warm, caring, friendly, helpful and empathetic
  • identify, be sensitive toward and accommodate personal and cultural needs
  • provide non-discriminatory care
  • provide continuity of care
  • provide adequate information to help patients make informed decisions
  • respect a patient’s right to seek another opinion or alternative care
  • record all essential information in the patient’s health record
  • foster a collaborative relationship based on trust and mutual respect.

Patients must not be refused access to care on the basis of gender, race, disability, Aboriginality, age, religion, ethnicity, sexual preference or medical condition. Patients need to be encouraged to self-identify cultural background (e.g. Aboriginal and Torres Strait Islander self-identification), with this information recorded in active patient health records.

Our practice is familiar with the Federal Disability Discrimination Act 1992, as well as various State or Territory Disability Services Acts and Equal Opportunity Acts regarding anti-discrimination. Details can be found on the Human Rights and Equal Opportunity Commission website.

Additional information regarding patient privacy and the Australian Privacy Principles is available at Office of the Australian Information Commissioner.

Procedure

In our practice, we do not refuse access to care on the basis of gender, race, disability, Aboriginality, age, religion, ethnicity, sexual preference or medical condition.

In our practice, we encourage patients to self-identify cultural background (e.g. Aboriginal and Torres Strait Islander self identification) on their Patient Registration Form and this information is recorded in their health record.

Go to the Top

Interpreter Services Policy

Our practice provides a health service that accommodates a diverse multicultural population including those with disability.

Patients who do not speak English or who are more proficient in another language, have the ability to choose a professional translating service or a translator who may be a family member or friend.

Children must not be encouraged to translate on their parent’s behalf. In some situations, it may also not be appropriate for a family member or friend to translate for the following reasons:

  • Reluctance for the patient to disclose some information
  • Biased translation of information.

Our practice encourages patients to utilise the free Translating and Interpreting Service (TIS) – Doctors Priority Line (1300 131 450) for reasons including:

  • quality patient care
  • confidentiality
  • risk management
  • efficiency and effectiveness
  • impartiality
  • accuracy
  • professional conduct
  • experience

The TIS is a free service available 24 hours a day via telephone at the time of consultation or onsite at the practice if 48 hours notice is given. Further information about the TIS is available on the TIS website.

A free interpreting service is available for patients who are deaf and use Australian Sign Language (AUSLAN). Contact the National AUSLAN Interpreter Booking and Payment Service (NABS) on 1800 246 945 or the NABS website for further information.

Procedure

Our practice advises patients of translating and interpreting services by:

  • GPs
  • Reception staff
  • Clinical staff

Our practice also provides patient support materials in a variety of languages. The Practice Manager is responsible for maintaining these materials.

All doctors in this practice are registered with the Translating and Interpreting Service Translated health information is available from:

In our practice, we follow this procedure when accommodating patients who speak a language other than English:

  1. Ask the patient if they would like the use of an interpreter and offer translation services available in the practice
  2. Check the patient’s health record to see if an interpreter has been used before (if an existing patient)
  3. Record the patient’s preferred language and if they have requested an interpreter (if a new patient)
  4. Ask the patient what time they would prefer an appointment and whether they would prefer a male or female interpreter
  5. Ask the patient how they prefer to be addressed and their preferred order of name (e.g. family name first, then generation name, given name last)
  6. Record this information in the patient’s health record
  7. Make a longer appointment to accommodate interpreting time
  8. Ask the patient to repeat appointment details to confirm they have understood
  9. Contact the TIS on 1300 131 450 to book an interpreter (if requested). Advise the TIS operator of a nominated patient code for easy identification, patient name, language, preferred gender of interpreter and appointment details
  10. Ask the patient to call if they are unable to attend the appointment. Alternatively, call the patient the day before to confirm the appointment.

The Translating and Interpreting Service (TIS National) provides access to phone and onsite interpreting services in over 160 languages and dialects. Further information is available at www.tisnational.gov.au

Go to the Top

Information Security Policies and Procedures Policy

Our practice has systems in place to protect the privacy, security, quality and integrity of the data held. All staff are educated and regularly trained in our computer security policies and procedures. Our policies and procedures are a source of information to clarify roles and responsibilities, and to facilitate the orientation of new practice team members.

The RACGP Computer and Information Security Standards provide information and explanations on the safeguards and procedures that need to be followed by general practices in order to meet appropriate legal and ethical standards concerning privacy and security of patient health information. These documents also contain suggestions for additional security procedures.

Our practice has a My Health Records policy that covers the specific requirements of My Health Records Act 2012 and My Health Records Rule 2016 Our practice has the following information to support the computer and information security policies and procedures:

  • current asset register documenting hardware and software specifications and locations, network information, technical support
  • logbooks/print-outs of maintenance, backup including test restoration, faults, virus scans
  • folder with warranties, invoices/receipts, maintenance agreements.

Procedures

Practice Team Agreements

Upon employment, every practice team member is given confidentiality and privacy agreements to sign, together with an appropriate computer use agreement. These act to protect the owners of the practice in the event of legal action against the practice arising out of a security breach.

These agreements can be used to ensure that practice team members and other people working in a practice who may have access to confidential patient or business information comply with privacy and security of information as required under legislation, including the Privacy Act 1988 and the National Privacy Principles.

External Service Provider Agreements

Unique contractual arrangements are made with all external service providers including information in relation to:

  • data confidentiality
  • remote access
  • backups and restoration procedures
  • response times
  • costs
  • regular maintenance
  • audit logs
  • secure disposal of information assets
  • cloud services

My Health Records Policy

The following information is taken from My Health Records Rule 2016:

The Practice will enforce the following in relation to all its employees and any Organisation with whom we engage under an agreement/contract:

  • The manner by which the Practice authorises persons accessing the My Health Records system via or on behalf of the practice
  • The manner of suspending and deactivating the user account of any authorised person:- who leaves the practice,
  • The manner of suspending and deactivating the user account of any authorised person whose duties no longer require them to access the My Health Records system,
  • The manner of suspending and deactivating the user account of any authorised person whose security has been compromised.

Our practice ensures the following:

  • Training will be provided before a person is authorised to access the My Health Records system, including in relation to how to use the My Health Records system accurately and responsibly, the legal obligations on the practice and our staff members using the My Health Records system and the consequences of breaching those obligations.
  • The process for identifying a person who requests access to a patient’s My Health Records is clear and followed and the person’s identity is communicated to the System Operator so that the healthcare provider and the practice is able to meet its obligations.
  • Physical and information security measures are established and adhered to by the healthcare provider, the practice and people accessing the My Health Records system via or on behalf of the healthcare provider, the practice, including that user account management measures are implemented.
  • Mitigation strategies to ensure My Health Records related security risks can be promptly identified, acted upon and reported to the Practice Manager.

The Practice will authorise the staff members within its team that require access to the My Health Records system by:

  • Generating and maintaining an authorised employee register, which includes the name and HPI-I for all health care professionals working at the Practice or on behalf of the practice.
  • Registering both our HPI-O and the HPI-Is of our practitioners for publication in the Healthcare Provider Directory (HPD)
  • Recording and keeping current the credentials of all our staff who require access to the My Health Records system

For a staff member who leaves the Practice we will deactivate their account by:

  • De-activating the HPI-I in our clinical software and removal of individual login details.
  • Revising our Authorised Employee Register
  • Keeping a local record of the revised Authorised Employee Register for audit trail purposes.

For a staff member whose duties no longer require them to access the My Health Records system we will deactivate their account by:

  • De-activating the HPI-I in our clinical software and removal of individual login details.
  • Revising our Authorised Employee Register
  • Keeping a local record of the revised Authorised Employee Register for audit trail purposes.

For a staff member whose security has been compromised we will immediately deactivate their account by:

  • De-activating the HPI-I in our clinical software and removal of individual login details.
  • Revising our Authorised Employee Register
  • Keeping a local record of the revised Authorised Employee Register for audit trail purposes.
  • Keeping record of the details surrounding the event (e.g. who and why).
  • Pursuing the necessary disciplinary action if necessary

Training will also be conducted as new functionality is introduced into the system. We will utilise the training resources made available by the System Operator, as a minimum. To assist in ensuring training completion and audit purposes, a record is kept confirming the training completed by each authorised staff member and the date completed.

Notwithstanding any action the System Operator may take with regard to data breaches, the practice will continue to implement local staff conduct and disciplinary policies with regard to any staff unauthorised access to the My Health Records system.

Our practice will also ensure the following:

  • staff members that we authorise to access the system can be identified by either a unique local identifier or system log-in
  • the Practice has current and adequate IT system anti-viral software
  • our Disaster Recovery Plans are current and executable
  • ensure our IT systems and hardware is physically protection against unauthorised access or hacking
  • that each authorised user of the system has a secure password

We regularly review our security and procedures for accessing the My Health Records system, report the findings to management and revise our procedures accordingly.

The practice has set out a risk reporting procedure to allow staff to inform management regarding any suspected security issue or breach of the system.

All staff in the practice and any healthcare providers to whom the organisation supplies services under contract have access to this Policy. The practice will notify all personnel of changes to these Policies and Procedures when they occur.

Useful Link

Australian Privacy Principles

Go to the Top

Accreditation and Continuous Quality Improvement Policy

Our practice is committed to attaining and exceeding the 5th Edition of the RACGP Standards for General Practices, as well as committed to quality improvement activities. To develop, maintain and enhance the business and clinical management aspects of our practice, quality review activities must be used to monitor progress. These activities may include audits, routine data checks, account reviews and health record reviews.

RACGP information on the differences between the 4th and 5th edition of the Standards is attached.

Our practice aims to continually improve processes that will result in the following outcomes:

  • Improved and increased documentation of routine monitoring and specific improvements in health care
  • Increased participation in continuing education for effective and personal work output
  • Identification and resolution of actual and potential deficiencies and risks in practice administration, care and management of patients
  • Improved staff communication
  • Increased staff awareness, participation and management of patient care, occupational health and safety, infection control and medico-legal standards
  • Increased safety for staff and patients of our practice
  • Improved quality of care for patients.

Our practice is able to demonstrate an aspect of activities that has been identified for improvement, and have a planned approach for improvements. Our practice utilises the information resulting from the quality improvement outcomes and use them as part of risk assessment and management program activities. They are also documented and reviewed according to the PDSA cycle of quality as defined below.

Data about our practice population is collected and used by our practice for quality improvement. Although it is preferable to investigate our own data, where it is not easily accessible our practice utilises national registers, eg Australian Childhood Immunisation Register.

Procedure

In our practice, we identify and action areas for quality improvement by:

  • Seeking practice staff, medical practitioner and patient feedback
  • Monitoring recommendations from the Division of General Practice, AGPAL and RACGP

In our practice, we access data about our practice population by querying our database. We use this data to improve our practice population by implementing evidence-based practices.

Plan Do Study Act (PDSA) cycle of quality

A reliable methodology is needed to ensure that any quality improvement activities undertaken by our practice are successful. One such methodology is the Plan Do Study Act (PDSA) cycle.

The four steps involved in the PDSA cycle are as follows:

  1. Plan the improvement
  2. Do the improvement
  3. Study the improvement
  4. Act on any changes from the study.

Step 1 – Plan

When planning the improvement activity, the following is identified:

  • what the improvement is, who it will impact, what the outcome should be
  • who needs to be involved, who needs to be made aware, where it is documented
  • how this information will be made available to staff, how often progress will be reviewed
  • how feedback will be gathered.

Step 2 – Do

When doing the improvement activity, the following will be completed:

  • the appropriate staff involved
  • steps taken documented
  • feedback sought from all involved.

Step 3 – Study

  • When studying the improvement activity, the following is reviewed:
  • whether the improvement was successful
  • if the results met expectations
  • whether the changes were incorporated into the way staff work
  • whether further improvements need to be implemented.

Step 4 – Act

Any improvements are acted upon and reviewed as per Steps 2 and 3. If the CQI activity has been successful, our practice considers the following:

  • how the new policy and procedure will be incorporated into the way staff work
  • how staff will be made aware of the change
  • where the new activity will be documented
  • how the new activity will be monitored to ensure all staff are participating.

If the CQI activity has been unsuccessful, our practice considers the following:

  • what the activity has shown
  • what different improvements might be able to be made.

Go to the Top

Security and Privacy of Records Policy

The maintenance of privacy requires that any information regarding individual patients, including staff members who may be patients, must not be disclosed in any form (verbally, in writing, electronic forms inside/outside our practice) except for strictly authorised use within the patient care context at our practice or as legally directed.

Health records must be kept where constant staff supervision is easily provided. Personal health information must be kept out of view and must not be accessible by the public.

All patient health information must be considered private and confidential, and therefore must not be disclosed to family, friends, staff or others without the patient’s consent. This information includes medical details, family information, address, employment and other demographic and accounts data obtained via reception. Any information given to unauthorised personnel will result in disciplinary action, possible dismissal and other legal consequences. Each staff member must sign a confidentiality agreement on commencement of employment.

In addition to Federal legislation, our practice also complies with State or Territory legislation. Care must be taken that individuals cannot see computer screens showing information about other individuals. Screensavers or other methods of protecting information must be engaged.

Access to computerised patient information must be strictly controlled with personal logins and passwords. Staff must not disclose passwords to unauthorised persons. Screens need to be left cleared when information is not being used. Terminals must also be logged off when the computer is left unattended for a significant period of time. Items for the pathology couriers or other pick ups must not be left in public view.

When not in attendance, staff must ensure that prescription pads, prescription computer generated paper, letterhead, scripts, medications, health records and related patient information are out of view. They must also be stored in areas only accessible to authorised persons.Facsimile, printers and other electronic communication devices must only be accessible to authorised staff.

Procedure

In our practice, computer screens are positioned so that individuals cannot see information about other individuals, access to computerised patient information is strictly controlled with passwords and personal logins, automatic screen savers and computer terminals are logged off when the computer is left unattended for a significant period of time.

In our practice, prescription pads, prescription computer generated paper, letterhead, scripts, medications, health records and related patient information are stored in locked store cupboard in the Staff rooms.

In our practice, the facsimile, printers and other electronic communication devices are located within consult rooms and behind reception desk.

In our practice, items for pathology couriers or other pickups are left in a secure desk.

Go to the Top

Transfer of Health Records Policy

When a patient requests for their health records to be transferred to a GP outside of our practice, the GP has an obligation to provide a copy or summary of the patient health record in a timely manner to facilitate care of the patient.

Transfer of health records from our practice can occur in the following instances:

  1. When a patient asks for their health record to be transferred to another practice
  2. For legal reasons, e.g. record is subpoenaed to court
  3. Where an individual health record report is requested from another source.

Practice staff must notify the GP about all requests for patient health information. Our practice records the request by the patient to transfer patient health information on the health record, and this needs to include details as to the date, where and when the information was sent and who authorised the transfer.

The patient must provide written consent to the transfer.

For medico-legal reasons, our practice retains the original record and provides the new GP with a summary or a copy. If a summary of the patient’s health record is provided to the new GP, a copy of the summary must be kept on file for record purposes.

Our practice may choose to charge a reasonable fee to the practice or the patient for transferring the patient’s health record to another practice.

It is necessary for a doctor to become familiar with a new patient’s medical history via their health record from a previous practice. If a copy or summary of a health record is required, written patient consent must be provided to the former practice by the patient.

Our practice assists new patients by providing a consent form and posting to the former practice.

Procedure

Transfer of Health Records to Another Practice

Our practice follows this procedure when transferring health records to another practice:

  1. Advise the patient to nominate a new GP and to have the new practice send a request for transfer of medical records signed by both the doctor and patient.
  2. Send the request to the Doctor’s inbox to authorise the release of the patient’s medical record.
  3. Follow the Doctor’s instructions to generate the health summary.
  4. Where possible send the summary va “Medical Objects” as encrypted information but if not.
  5. Post or fax the health record to the requesting practice. Copies sent by post must have ‘ and Confidential’ stamped on the envelope
  6. Make a note in the patient’s health record the date and destination of the records transferred.
  7. Mark the patient’s electronic medical record as ‘archived’ and ‘inactive’.

Transfer from another practice

Our practice follows this procedure when transferring health records from another practice:

  1. Generate a request form and ask the patient to sign the form indicating consent for their previous practice to forward a copy or summary of their health record
  2. Send/fax the signed consent form to the previous practice requesting that they provide a copy or summary of the patient’s health record

Go to the Top