You have a right to access your health records held by a health care professional, such as a doctor or specialist, or held by a Allied health care provider, such as a hospital, clinic or community health service. Usually the actual record, that is, the paper, the folder, the CD, etc, is kept by the health care professional or health care provider who made the record or who holds the record.
Getting access to your health record usually means the person or body holding the record gives you a copy. If you get access to your records this way, you may have to pay for the costs of making and sending you the copy. Right of access can also mean that you are allowed to look at the original record at the office of the holder of the record. Sometimes, with private doctors, you may be only given a summary of the records.
You only have a right to access records made by private health care providers after 2001 (when the Privacy Act 1988 (Cth) was expanded to include some private sector agencies).
You can transfer your health record at any time by completing a written request form available from Holdsworth House reception. An administrative fee is applicable to cover the time, materials and postal fees involved in transferring your records. This fee varies depending on the size of your health record and can be waived in special circumstances. Please advise our reception team if you are not in a financial position to pay the administration fee.
College St Specialists is dedicated to providing our patients with the highest standards of clinical professionalism, expertise and care. If you are not satisfied that we have met these standards, please send an email with the details of your concerns to our CEO: firstname.lastname@example.org. All complaint emails are acknowledged immediately and an internal investigation commences upon receipt of a complaint. A formal response is issued within 10 days from the receipt of the initial complaint. Any actions identified in the investigation will be followed up within 28 days.
If after this process there are still unresolved concerns about the level of care received at College St Specialists, you can lodge a complaint with either of the following agencies and find further information about the complaints process in the accompanying links:
NSW Health Complaints Agency: http://www.hccc.nsw.gov.au/Complaints/How-To-Make-a-Complaint/
If you are having a medical emergency or require emergency medical attention please phone the practice or call 000.
At times it may be necessary for electronic communication to occur between our practice and other health providers for example for the purpose of sending a referral. Information will only be shared if consent has been given.
All emails sent from the practice, regardless of nature contain an email disclaimer which states “This message is Private and Confidential and is meant only for the addressee. If the reader of this message is not the addressee, please notify the sender immediately by replying to this email. Inappropriate dissemination or copying of this message or part thereof is prohibited – Rainleigh Pty Ltd. Please consider the environment before printing this e-mail”
The clinical team at CSS will both access and annotate your personal health record to ensure it provides an ongoing, accurate record of your medical treatment at our Practice.
Your personal health record will be kept confidential at all times. Medical Records are only accessed by allocated staff who have the relevant permission rights.
Except where required by law, we will generally not disseminate your health record without your written consent. For full information about privacy guidelines, please visit http://www.oaic.gov.au/privacy/other-privacy-jurisdictions/state-and-territory-privacy-law
This Practice does recognise however that it may be necessary to provide information to other healthcare professionals to ensure you receive appropriate and timely healthcare. CSS reserves the right to share information with other healthcare professionals for this purpose.
If you require further information relating to how we store and use your personal information, please ask our Front Desk staff to arrange for you to speak to a member of staff.
Your health record remains the property of CSS. We adhere to Federal Guidelines on Privacy in the Health Sector, and RACP, RANZCP, APS, APC, APA, ACD, ACA Guidelines regarding confidentiality and dissemination of these records.
It is the responsibility of both the patient and the provider to ensure that all results are followed up in an appropriate and timely manner.
1. All patients are to make an appointment to return for results – allow one week for results to be back unless otherwise instructed by the provider.
2. The provider discusses with the patient, at the time of the appointment, the plan for how these results are to be followed up according to their specific health issues; this is documented in the patient notes
3. Once all results have been received, if all results are ‘normal’, it is at the provider’s discretion to telephone the patient and inform them and to cancel the appointment for results follow-up
a) The provider must ensure identification of the patient using three points for identification
b) If the telephone is answered by someone else the provider says he/she will call later
c) If the telephone is answered by a machine then the provider will call back later
4. If a result is abnormal or clinically significant then the provider should keep that result in his/her follow-up tray or equivalent electronic reminder system until the patient is seen and the result dealt with; to avoid pressure to discuss abnormal results over the phone the provider may ask staff to contact the patient and remind them to return to discuss their results
5. If the patient does not return to receive significant abnormal results then the provider must recall the patient and record this in the patients file.
For significant follow up or recalls a minimum of 3 attempts to contact the patient should be made. This can include 3 phone calls or SMS reminders, letters or combination of all. The final contact should be by registered letter which is signed by the patient as received. Include in the registered letter written information to support the patient’s understanding of the clinical significance of following up the suggested follow-up/recall. Document the above in the patient record.
Effective data breach response is about reducing or removing harm to affected individuals and protecting the interests of CSS. Eligible data breaches are dealt with on a case by case basis however typically follow a four step process:
1. Contain: If CSS confirms that a data breach has occurred we will take immediate action to limit the data breach to prevent any further compromise of personal information.
2. Assess: CSS will gather and evaluate as much information about the data breach as this will enable us to understand the risk of harm to individuals and help CSS to determine the steps to limit the impact of a data breach.
3. Notify: If CSS believes that the breach fits the definition of a notifiable data breach a statement will be prepared for the Privacy Commissioner and the affected individuals will be notified.
4. Review: Senior Management will undertake a comprehensive review of the incident and take the relevant actions to prevent further future breaches.
Assessing a suspected data breach
If CSS suspects it has experienced an eligible data breach it will act quickly to determine if one has occurred. Assessments are typically completed using the following three stage process:
1. Initiate: CSS will decide whether an assessment is necessary and identify which person or group is responsible for completing it. This is typically Senior Management and the IT Project Co-ordinator.
2. Investigate: CSS will expeditiously gather relevant information about the suspected breach to both determine if the breach occurred and if it would result in serious harm to an individual.
3. Evaluate: CSS will make a decision about whether the identified breach is an eligible data breach and notify individuals and the Privacy Commissioner as required.
CSS will take all reasonable steps to complete the assessment quickly up to a maximum of 30 calendar days.
Notifying individuals about an eligible data breach
If CSS experiences an eligible data breach its first priority is to contain the breach and take remedial action. If serious harm cannot be mitigated by remedial action CSS will notify the affected individuals at risk of serious harm and provide a statement to the Privacy Commissions.
If an eligible data breach has been confirmed CSS will notify individuals affected as soon as practicable after completing the official statement prepared for notifying the Privacy Commissioner.
Notification has the practical benefit of providing individuals with the opportunity to take steps to protect their personal information following a data breach, such as by changing account passwords or being alert to possible scams resulting from the breach. It is important that staff are capable of engaging with individuals who have been affected by a data breach with sensitivity and compassion, in order not to exacerbate or cause further harm.
Notification of an eligible data breach must include:
– The identity and contact details of the practice
– A description of the data breach
– The kind of information involved in the data breach
– Recommendations about the steps that individuals should take in response to the data breach
For a copy of our full data breach policy, please contact CEO@collegestspecialists.com.au. Please also direct any queries, complaints, or requests for access to medical records to CEO@collegestspecialists.com.au