Privacy and managing health information in general practice

Information management for patients

Notification

  1. References

Last revised: 24 May 2023

Notification


Notification requirements for collecting personal information

APP 5 requires GPs to ensure patients are aware of the collection and potential use and disclosure of their health information.

It is not necessary to notify patients during every consultation, as it is clear information is being collected. Similarly, it is not necessary to notify patients if their health information will need to be disclosed when referring to a specialist.

There will be times when the collection of health information is not obvious to the patient. For example, in some practices with complex corporate structures, the organisation ultimately collecting and holding the information might not be obvious. It is recommended practices ensure their patient privacy forms are updated to reflect this situation.

Where necessary, as appropriate, when there is a significant change to the way the practice works or the needs of the patient change, your practice should obtain renewed consent.

The notification requirements referred to in  have administrative implications for incorporated practices and practices using cloud computing (refer to module on Information transferred overseas).
 

Notification obligations

  • When collecting health information, GPs must take steps to notify the patient.
  • Notified information must include the practice’s details, the purpose for which the information was collected, who the health information can be disclosed to, and whether it will be disclosed to an overseas recipient (and if so, where).
  • If your practice is using cloud computing, ensure you have updated your consent forms and notified patients.

 

Privacy notices

Your practice should consider whether a standard privacy notice addressing would be an appropriate method of notifying patients.

A privacy notice might include information about:

  • sharing of information across a multidisciplinary medical team
  • use and disclosure of de-identified data for medical research
  • the use of patient information for GP professional development purposes or for quality improvement activities
  • how information is used for referrals to other specialists.

In some situations, a practice might need to provide additional patient health information to third parties such as insurers and this should be included in your privacy notice. This helps practices meet the requirement to take reasonable steps to notify individuals on how their information is used8  and helps manage patient expectations, promote trust and support further uses of health information for secondary purposes. (refer to section on Use and disclosure of health information).

When used appropriately, privacy notices can support patients to understand how their health information is used and disclosed.
 

Useful RACGP resource

 

  1. [Accessed 7 November 2022].
  2. [Accessed 16 January 2023].
  3. [Accessed 7 November 2022].
  4. [Accessed 16 January 2023].
  5. [Accessed 16 January 2023].
  6. [Accessed 16 January 2023].
  7. [Accessed 16 January 2023].
  8. [Accessed 8 November 2022].
  9. [date unknown] [Accessed 8 November 2022].
  10. [date unknown] [Accessed 16 January 2023].
  11. [Accessed 16 January 2023].
This event attracts CPD points and can be self recorded

Did you know you can now log your CPD with a click of a button?

Create Quick log

Advertising