1 / 44

Health Records Act 2001 (Vic)

Health Privacy it’s my business. Health Records Act 2001 (Vic). Key Elements. Right of access to health information in the private sector - Breen v Williams Health privacy principles - applicable to public and private sectors. Context. Implements Government election commitment.

oralee
Download Presentation

Health Records Act 2001 (Vic)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Health Privacy it’s my business Health Records Act2001 (Vic)

  2. Key Elements • Right of access to health information in the private sector - Breen v Williams • Health privacy principles - applicable to public and private sectors

  3. Context • Implements Government election commitment. • A companion to the Information Privacy Act (in force from 1 September 2001). The Information Privacy Act will apply to all personal information (except health information) that is collected or held by – • the Victorian public sector; and • organisations funded by the public sector.

  4. Rationalefor health specific legislation • To ensure uniformity of access and privacy standards across the public and private sectors (as consumers frequently move between the two sectors). • To ensure that standards are tailored to health information – arguably the most sensitive category of personal information - and are not capable of variation through codes of practice (cf Cwlth).

  5. Who is covered by the Act? The Act covers: • health service providers; • any other person/organisation which collects/handles personal health information. Health service providers are subject to additional standards reflecting their special relationship with consumers.

  6. Definition of ‘Health Service’ Encompasses - • activity to assess, maintain or improve an individual’s health; • activity to diagnose and treat illness, injury or disability (includes public and private hospitals, registered health practitioners); • disability, aged or palliative care service (includes physical and intellectual disability services, nursing homes and hostels); • dispensing of prescriptions (pharmacists).

  7. Information covered by the Act (1) HEALTH SERVICE PROVIDERS For health service providers, “health information” means– • all identifying personal information collected to provide a health service; • medical and other health details plus all other personal information (financial information, names of relatives etc.)

  8. Information covered by the Act (2) NON-HEALTH SERVICE PROVIDERS For other public and private organisations, “health information” means all identifying information about the health or disability of an individual: - medical and treatment details about employees kept by employers, health status or treatment details of insured persons held by insurers, health status of members held by gymnasiums etc. It does not cover other personal information such as payroll or bank account details.

  9. Key Element (1):RIGHT OF ACCESS • The Act gives individuals a right of access to health information about themselves which is held by private sector organisations. • The FOI Act will continue to give individuals a right of access to health information about themselves held by public sector organisation. • The Act makes some amendments to the FOI Act to supplement access rights under that Act, and make access rights broadly consistent between the public and private sectors.

  10. RIGHT OF ACCESS: Application • The right of access applies in full to information collected after the commencement of the Act. • More limited rights apply in respect of information collected prior to the Act’s commencement. • This reflects the fact that practitioners and other organisations have compiled records on the understanding that they would not be available to be viewed as of right by consumers.

  11. RIGHT OF ACCESS: Manner • Access to ‘new records’ (created after the Act’s commencement) can occur by way of • inspection; • provision of a copy or a summary (if the individual agrees); or • an opportunity to view the record accompanied by an explanation by the health service provider. • Where the provider agrees, access to ‘old records’ may be granted in one of the forms outlined above. If there is no agreement, the person is entitled to receive an accurate summary of the information. • There is no right of access to non-factual information in ‘old records’ (such as practitioners’ comments).

  12. RIGHT OF ACCESS: Limits Access must not be granted where – • an organisation believes on reasonable grounds that granting access would pose a serious threat to the life or health of the person making the request or or any other person; or • the information was given in confidence by another person such as a friend or relative, unless that person consents. An organisation may refuse access where – • this would have an unreasonable impact on the privacy of others; • information relates to legal proceedings and the information would not be discoverable or is subject to legal professional privilege • denying access is required or authorised by law; or • granting access would prejudice law enforcement by a law enforcement agency.

  13. RIGHT OF ACCESS: Fees • Reasonable fees can be charged by organisations to recover the costs of providing access. • No ‘lodgement fee’ may be charged. • Health service providers can charge their ‘usual consultation fee’ for explaining the contents of records to consumers. • Fees will be capped by a ceiling fixed by regulations. • http://www.dhs.vic.gov.au/ahs/healthrecords/regs.htm

  14. Draft Maximum Fees (1) AIM: -to allow reasonable cost recovery - to ensure amount does not unfairly stop a person from requesting access Access: • Preparing Summary by HSP - up to $80 • Inspection - $5 per 15mins for supervision • Reasonable costs for collation & assessing - up to $20 • A4 black & white photocopy - 20c per page • Recalling document from another location - $10 • Explanation by HSP – usual consultation fee • based on time taken

  15. Draft Maximum Fees (2) HPP 11: Making information available to another HSP - fees reflect current practice of transferring records between HSPs to ensure continuity of care • Provision of summary – up to $80 • Only if no accurate summary already exists; and • It takes at least 30 minutes to prepare summary • Copy of at least 20 A4 black & white pages – 20 cents per page

  16. Key Element (2):Health Privacy Principles (HPPs) • Based on various privacy principles that apply in Australia and other countries, reflecting worldwide trends. • Tailored to health information. • Designed to provide privacy protection, promote consumer autonomy, effective service delivery, continued improvement of health services and protection of public health and safety.

  17. Scope The eleven HPPs – • govern the life cycle of information; • cover collection, use, disclosure, quality, security and disposal of information; • are binding. A contravention of the HPPs is: “an interference with the privacy of an individual” .

  18. HPPs 1. Collection 2. Use & Disclosure 3. Data Quality 4. Data Security & Retention 5. Openness 6. Access & Correction 7. Identifiers 8. Anonymity 9. Transborder Data Flows 10. Transfer / closure of practice of health service provider 11. Making information available to another health service provider

  19. HPPs • Collection Only collect health information if necessary for the performance of a function or activity andwith consent (or if it falls within exceptions to HPP1). Notify those you collect from about what you do with the information and that they can gain access to it. An organisation must collect health information only by lawful and fair means and not in an unreasonably intrusive way. • Use & Disclosure Only use or disclose health information for the primary purpose for which it was collected or a directly related secondary purpose the person would reasonably expect. Otherwise, you generally need consent.

  20. Data Quality Take reasonable steps to ensure the health information you hold is accurate, complete, up-to-date and relevant to the functions you perform • Data Security & Retention Safeguard the health information you hold against misuse, loss, unauthorised access and modification. Only destroy or delete health information in accordance with HPP 4 or other relevant law. • Openness Document clearly expressed policies on your management of health information and make this statement available to anyone who asks for it. • Access & Correction Individuals have a right to seek access to their own heath information held in the private sector, and to correct it if it is inaccurate, incomplete, misleading or not up-to-date. • Identifiers Only assign a number to identify a person if the assignment is reasonably necessary to carry out your functions efficiently. The use of public sector identifiers by the private sector is limited.

  21. Anonymity Give individuals the option of entering transactions with you anonymously, wherever this is lawful and practicable. 9. Transborder Data Flows Only transfer health information outside Victoria with consent or if the organisation receiving it is subject to laws which are substantially similar to the HPPs. • Transfer / closure of practice of health service provider If you’re a health service provider, and your business practice is being sold, transferred or closed down, without you continuing to provide services, you must give notice of the transfer or closure to past service users. • Making information available to another health service provider If you’re a health service provider, you must make health information relating to the individual available to another health service provider if requested by the individual.

  22. HPPs: Interaction with other legislation • The HPPs do not override other legislation. • Existing provisions in other statutes governing the confidentiality, use and disclosure of health information and those that regulate access to certain kinds of personal information (e.g. adoption information) have been preserved. • Specific statutory provisions will override the general standards in the Health Records Act to the extent of any inconsistency.

  23. Interaction with FOI Act • HRA contains amendments to the FOI Act, making right of access through FOI consistent with the right of access held in the private sector through the HRA. • HPP 6 provides the right to access to health information held by the private sector, whereas the FOI Act will continue to apply to the public sector.

  24. Changes to FOI • Definitions • New definitions inserted • ‘health information’ • Health Services Commissioner 2. Access • New way to access records: view information and have it explained • New charges for access to match the way access is given

  25. 3. Refusal of access on grounds of risk to individual • Current FOI provision (s33(4)): • where disclosure of ‘information of a medical or psychiatric nature’ may be ‘prejudicial’ to the person’s ‘physical or mental health or well-being’ agency may direct access be given rather to registered medical practitioner nominated by agency. • To be replaced by new provision reflecting HRA: • access to ‘health information’ must not be given where there is a belief on reasonable grounds that giving access would pose a serious threat to the person’s life or health. Also allows the person refused access to nominate a health service provider who can discuss the information with them.

  26. 4. Access to conciliation process • Conciliation process of Health Services Commissioner will be available to a person who believes they have not been given access to their health information in accordance with the FOI Act. 5. Time in which to seek review • A person denied access to health information on the grounds of a serious threat to their life or health will have 70 days in which to seek review of the decision.

  27. Changes to s.141 Health Services Act • Confidentiality provision • Remains key confidentiality provision for hospitals and community health centres • Changes to exceptions: • allows giving of information by electronic system designed for information sharing between hospitals, subject to safeguards • adds HPP 2.2(f), (h) and 2.5 as exceptions • adds additional requirement to giving of information for research purposes

  28. Balancing Rights & Other Interests • The rights of access to records and privacy conferred by the Act are not, and cannot be, absolute. • These rights must be balanced against other important public policy considerations.

  29. Eg: Use & disclosure without consent • As a general principle, consent is required BUT in some circumstances it is not practicable to seek or obtain consent. • The Act authorises a patient’s information to be used without consent where necessary for the purposes of subsequent safe and effective treatment of the patient by that organisation. • The Act authorises patient information to be disclosed without consent for the purposes of funding, management, planning, monitoring, improvement or evaluation of health services, subject to safeguards such as the requirement to take reasonable steps to de-identify the information.

  30. Exemptions Very few exemptions apply. These relate to: • the judiciary and quasi-judicial bodies when exercising their judicial or quasi judicial functions; • genuine news activities carried out by organisations whose dominant function is disseminating news; • information relating to personal, family or household affairs.

  31. Role of theHealth Services Commissioner (HSC) • Education, sector-based training and information • Handling inquiries from consumers and providers about their rights and responsibilities • Making statutory guidelines under the Act (s.22) • some needed pre-commencement: (1) collection, use and disclosure for research; (2) notification to service users on transfer/closure of practice • other guidelines may follow, depending on need • Resolving complaints about interference with privacy • Monitoring compliance

  32. HSC Complaints Process • Emphasises conciliation • Investigation where conciliation is not adequate • Informal resolution in the majority of cases • Commissioner will be able to serve compliance notices where serious breaches occur • VCAT may make binding orders

  33. Commencement of the ActTWO-PHASE APPROACH • 1 March 2002 Health Privacy Principles (HPPs) take effect as voluntary standards ONLY. • 1 July 2002 Health Records Act is fully operational and HPPs become legally binding (eg right of access; right to make complaints about post-1July actions) AIM:To give organisations reasonable opportunity to practice applying the HPPs on a voluntary basis in the lead-up to 1 July 2002, with no legal consequences from breaching the HPPs. Encouraged to apply HPPs from 1 March so get to know them.

  34. Access during 1 March-1 July 2002 • Can choose to provide access; encouraged to do so free of charge. • If subject to Cwlth Privacy law or other laws that require access to be granted, must comply with those laws. • If not subject to Cwlth Privacy law or other laws, AND choose to provide access under HPP6 AND to charge a reasonable fee, can look to current draft regulations for guidance; need to make clear to person requesting access that access is being provided by private arrangement, with no right to enforce access under HRA.

  35. Key Matters for Health Service Providers • Access (private sector) • Legislative standards for health information handling • Potential new role as ‘nominated health service provider’ HPPs are built on existing best practice.

  36. “Nominated health service provider” (1)Second opinion about ‘serious threat’ Situation • Individual is refused access to health information on grounds that granting access would pose serious threat to their life or health. • Refusing organisation may offer to discuss the information, or arrange for a HSP to do so. • If no offer to discuss, or offer not accepted, person refused access may nominate another HSP (“nominated HSP”) to assess grounds for refusal. • “Nominated HSP” must consent.

  37. “Nominated health service provider” (2) Functions: • Notify individual that NHSP will discuss reasons for refusal with the organisation refusing access. • Contact organisation to discuss the nature of its concerns. • Form an opinion on the validity or otherwise of the decision. • Explain grounds for the refusal to the individual, if appropriate. • Discuss content of the health information with the individual, if appropriate. • If satisfied access would not constitute a serious threat, allow inspection of information, and provide copy if the organisation holding the information agrees. • If not satisfied, decline to allow the individual access. * Can charge a fee (maximum to be set by regulation).

  38. HPP 10Transfer / closure of practice of health service provider • Where practice is sold or closed down & health service provider is not providing health services in the new practice. • Provider must put a notice in newspaper stating: • business is to be sold, transferred or closed down; and • what is going to happen to health information, whether to be kept or made available for transfer to another provider. • Provider must take other steps to notify individuals as specified in guidelines issued by Health Services Commissioner.

  39. HPP 11Making information available to another health service provider • Gives individuals the right to have health information held by a health service provider made available to another health service provider. • No grounds to refuse request. • Fees can be set by regulation.

  40. New Commonwealth Law Privacy Amendment (Private Sector) Act 2000 • Establishes ten National Privacy Principles (NPPs) • Covers much of the private sector - health service providers (from 21 December 2001) - businesses with a turnover of $3m or more (from 21 December 2001) - small businesses can opt-in (effective 21 December 2002) •  Codes can replace NPPs - based on principle of co-regulation - must meet minimum standard (at least equivalent to NPPs) - must be approved by the Cwlth Privacy Commissioner - can include own complaints handling procedure

  41. HRA & Cwlth Act (1) • Cwlth operates in conjunction with other Acts - Cwlth Act specifically states that it does not affect the operation of a State law concerning collection,etc of personal information and “is capable of operating concurrently with this Act.” • Similarities egs - NPPs and HPPs cover similar ground; HPPs more health focussed. - Higher standards for health service providers: • all personal information collected in the course of providing a health service is ‘health information’.

  42. HRA & Cwlth Act (2) Differences egs • HRA:- ‘health information’ specific; - more comprehensive and directive: eg specific provisions dealing with access (Part 5);HPPs 10 & 11; consent (s 85); - no alternative industry codes; - wider definition of ‘health information’ (eg includes genetic information)l - maximum fees set by regulation (Cwlth does not set fees, but any fees must not be ‘excessive’). • Access to ‘old’ records: Cwlth allows access if information in old records is used/disclosed after start of Act, UNLESS providing such access would be an unreasonable administrative burden on the organisation OR cause it unreasonable expense.

  43. Covered by Health Records Act? Covered by Cwlth Act? Employee records YES Directly related to current/former employees - NO Non-health service provider small businesses YES NO Deceased persons YES (30 yrs or less) No mention Information given in confidence by a third party Exempt from access No specific exemption MPs & political parties YES NO HRA & Cwlth Act (3)Other Differences

  44. Health Services CommissionerContact Details Level 30, 570 Bourke Street, Melbourne Tel: 03 8601 5222 Email: hra@dhs.vic.gov.au HSC website: www.health.vic.gov.au/hsc Other information: DHS website: www.dhs.vic.gov.au/privacy DHS Booklet: “Communicating with Consumers, Good Practice Guide to Providing Information” http://hna.ffh.vic.gov.au/ahs/quality/conpart.htm

More Related