HOW WE COLLECT, USE, STORE, DISPOSE AND DISCLOSE INDIVIDUAL PATIENT INFORMATION
COLLECTION
• Every patient who enrols with us is given a Health Information Privacy Statement to read. A copy of this statement is in this file on privacy. When the patient enrols, they sign that they have read and agree with the Health Information Privacy Statement. If the patient wishes, they can keep this copy of the Health Information Privacy Statement.
• A copy of Health Information Privacy Statement is on the noticeboard.
USE
• The medical and other information collected and entered in a patient’s computer notes are for the purpose of providing that patient with good general practice medical care.
• Access to the practice computers is via a unique password known only to that user.
• A screen saver is on each computer so that after fifteen minutes of non-use the computer screen goes in to screen saver mode, and requires the staff member to enter back in to the computer with their password, to reactivate the computer.
• Staff sign a confidentiality agreement.
• Any contractors to the practice eg computer technicians, cleaning staff, sign a confidentiality agreement.
• The premises are locked and alarmed out of working hours.
STORAGE
• Our notes are computerised. This means that patient data including consultation is entered in the patient electronic record.
• Paper copies of information we receive, eg specialist letters about a patient, or paper previous gp notes are scanned into the patient electronic record and then confidentially disposed of.
• Patient records are stored for ten years from the date of last contact with a patient.
DISCLOSURE
• In general we would not disclose a patient’s medical information without their express permission.
• The Health Information Privacy Statement that the patient signs on enrolment explains that information may be shared with other health professions directly involved in their care, by PHO for health planning, statistical and educational purposes, for audit purposes by an appropriately qualified health practioner, data relevant to a programme in which the patient is participating, eg breast screening, immunisation, diabetes, and in an unidentifiable form for the District Health Board, Ministry of Health or PHO.
• There are rare exceptions to that may allow disclosure of a patient’s information, that are outlined in the Privacy Code: to prevent a serious and immediate threat to public safety or the life or health of the patient or someone else; is for the purposes of a criminal proceeding; is made under the Misuse of Drugs Act or the Medicines Act; concerns suspected child abuse and is made to a social worker or the police; or concerns unfitness to drive if the patient loses the capacity because of their mental or physical condition and intends to drive.
STATEMENT
“Please note that this practice is contributing to, and accessing healthcare information from HealthOne –
What is HealthOne?
HealthOne is a South Island based secure electronic record that allows registered healthcare providers directly involved in your healthcare, to quickly access information such as your test results, allergies, medications, GP summaries and hospital information. HealthOne adheres to the principles of the Privacy Act 2020 as well as the Rules set out in the Health Information Privacy Code 2020. Access is only possible via an approved highly secure healthcare information network which is regularly audited and tested. Privacy auditing is used to check that only those directly involved in your care are accessing your information. To find out more about HealthOne please visit https://healthone.org.nz/. Please note that you are entitled to restrict the sharing of your healthcare records by contacting 0508 837 872 or emailing HealthOne.privacy@pegasus.health.nz”