Practice Policies

Vaccinations

 

Our registered nurses perform most vaccinations in our daily nurse led clinics. These appointments are generally bulk billed.

​Travel vaccinations require a separate consultation with your doctor, preferably at least six weeks prior to your trip. If you have purchased a private vaccine to be administrated, please advise the receptionist on arrival.

Prescriptions

 

​To avoid mistakes, repeat prescriptions require a consultation. Although this may seem inconvenient in the majority of cases, ongoing monitoring is required. Generally this brief consultation can be done via telehealth.

Sickness Certificates

 

​Medical and sickness certificates can only be issued as a result of a consultation; these certificates cannot be legally backdated.

Infection Control

 

​All non-disposable instruments are sterilized in accordance with Australian College of General Practitioners guidelines. An autoclave is used for this process and is regularly checked to ensure efficiency.

Minor Operations

 

​Minor procedures such as excision of skin lesions, also suturing of wounds are performed in our theatre area. Due to sterilizing costs there will be a gap to pay for procedures, this will apply to all patients (except DVA). All concession card holders and patients under the age of 16 will receive this service at a reduced rate.

Email Policy

 

As all health information is sensitive by nature, all communication of health information, including via electronic means, must adequately protect the patient’s privacy. Russell Clinic does not have encryption on emails, therefore we assess each situation and follow a risk matrix when sending sensitive information digitally.

Phone Calls

 

​Urgent matters will be attended to immediately and non-urgent calls will be attended to as soon as possible. It can often take our staff some time to catch doctors to pass on information, please be patient as they are doing their best to attend to phones in a timely manner while also trying to communicate with the doctors.

Reminder System

 

This practice uses a recall/reminder system to provide preventative care for our patients. We also receive information from National recall systems such as breast screen, cervical screening and bowel cancer screening.

Continuity of Care

 

​In the interest of continuity of care we encourage you to see your regular GP whenever possible.

Results

 

​Unless otherwise specified we request that you phone the surgery to follow up your results. Please ring after 10.00 am.

Smoking

 

For occupational health and safety reasons, there is no smoking on our practice premises or in the immediate environment.

Patient Information

 

​In order for us to better manage your health, it is important that we have your relevant information including previous medical history and cultural background.
It is also important to have all your contact details in case of an emergency. If your details have recently changed, please ensure to notify us.

Translating Services

 

Please let staff know before your appointment if an interpreter is required, as we will be able to arrange this if it is required.

Catastrophic Fire Days

 

As Russell Clinic is situated in a high risk area for catastrophic fire danger days, we have decided to close the practice for the safety of staff and patients. We check the CFS website after 4.00pm every day in fire danger season. We will make every attempt to contact all patients who have appointments booked.

Privacy Policy & Confidentiality

 

Collection:
It is necessary for the Doctors and staff to collect personal information from patients and sometimes others associated with their health care in order to attend to their health needs. This information is generally collected from the patient, and with the patients’ consent. However, sometimes we may receive patient information from others, when this occurs we will, wherever possible, make sure the patient knows we have received this information.
 
Use and disclosure:
To ensure quality and continuity of patient care, patients’ health information is used or disclosed for purposes directly related to their health care. This may include sharing information with other health care providers who comprise a patients’ medical team. If you don’t wish for this to happen you should discuss this with your Doctor. In addition there are circumstances when information has to be disclosed without patient consent, such as
 

  • By law, Doctors are sometimes required to disclose information for public interest reasons, eg mandatory reporting of some communicable diseases.

  • Emergency situations.

  • To fulfill a medical indemnity insurance obligation.

  • Information to Medicare or private health funds, if relevant, for billing and medical rebate purposes.

 
Correction:
Patients will be given the opportunity to amend any personal information held that is incorrect as long as the alteration is straightforward, such as amending an address or phone number. Any other alterations should be recorded by the Doctor and noted. For legal reasons, we do not alter or erase the original entries in a medical record.

Notifiable data breach:
As a private practice we have an obligation to inform patients and the Office of the Australian Information Commissioner (OAIC) of eligible data breaches which involve:
 

  • unauthorised access to information.

  • unauthorised use of information.

  • loss of information likely to result in authorised access or disclosure.

If these events:

  • are likely to result in serious harm to affected individuals.

  • cannot be effectively remediated through action to prevent the likely risk of serious harm.

 
If a breach has been identified:

  • The first thing is to take the necessary steps to contain or fix the breach

  • The next step is to assess the breach, what it involves and the risk it may pose to affected individuals

  • Contact MIGA claims solicitors for assistance in working through what, if any, reporting requirements need to be considered.

  • If you believe there has been a notifiable data breach, you must notify OAIC and individuals as soon as practicable.

  • If you only suspect there may have been a notifiable data breach, you have up to 30 days to complete an assessment of whether there has been a notifiable data breach.

 
There are no prescribed assessment process procedures. Depending on the circumstances, it may only involve liaising with those involved in your practice and reviewing information. In more complex cases, such as hacking of practice systems, you may need expert involvement.

To assess whether individuals are at risk of serious harm, you apply the test of the ‘reasonable person’ in your position, taking into account information you have or can reasonably ascertain, considering:

  • The nature of the information

  • Sensitivity of the information

  • Any security measures used and likelihood they could be overcome

  • Nature of potential harm to individuals, which could be psychological, emotional, physical, financial or reputational.

According to the OAIC, the chance of serious harm increases with the number of individuals affected, and it would be prudent to assume breaches involving a very large number of individuals are likey to result in serious harm to at least one individual.
 
Make the notification to individuals and OAIC under the advice of MIGA.
 
Examples of unauthorised access, disclosure or loss which could lead to an obligation to inform patients and the OAIC include:

  • test results being send to the wrong patient.

  • inappropriate disclosure of health information to a family member or friend, i.e. where not permitted under privacy laws or in breach of a Court order.

  • viewing of health records by unauthorised practice staff members or contractors.

  • inadequate steps to ‘cleanse’ or destroy information on computer hardware before it is disposed of.

  • successfully hacking of a practice’s computer system or cloud storage provider.

  • practice or storage provider break-ins and theft of information.

  • loss of information stored electronically (ie USB) or on paper.

  • inadvertently placing health or other personal information on a publicly accessible website.


Exceptions of notifications are as follows:

  • Individuals are not likely to suffer a risk of serious harm from unauthorised access, disclosure or loss

  • There was no unauthorised access or disclosure following loss of information

  • Remedial action taken following unauthorised access, disclosure or loss was sufficient to prevent the risk of serious harm.

  • If there is more than one person or entity that holds the information and have an obligation to notify. (in these circumstances, only one is expected to make the notification on behalf of all which is usually the one with the most direct connection with the affected individuals. This is usually the patients doctor.)

 
Once it is established there is a need to notify OAIC and affected individuals MIGA will be contacted for assistance with the preparation of the notice.
 
To notify OAIC
There is a template notification data breach statement available on its website-www.oaic.gov.au/ndb. We need to provide provider identity and contact details, description of the breach, nature of the information involved and recommendations about steps which affected individuals could take in response.
 
Notifying affected individuals
We will provide individuals with enough information for them to assess the possible consequences of the data breach and to take necessary protective action.
 
Data security, retention and quality
The storage, use and, where necessary, transfer of personal health information will be undertaken in a secure manner that protects patient privacy. It is necessary for our medical practice to keep patient information after a patient’s last attendance for as long as is required by law.
All patient information held by this practice will be maintained in a form that is accurate, complete and up to date.
 
Access
Patients have a right to have access to their personal health information. It is the policy of this practice that the patient makes an appointment with the Doctor concerned regarding access to their files. The Doctor should be present to clarify any aspects and to permit any concerns of the patient to be discussed and resolved. In some cases, it may be appropriate to refer the patient back to the original author of a letter or medical report.
 
Upon written request by the patient, a patient’s health information held by this practice will be made available to another health service provider.
 
This practice acknowledges the right of children to privacy of their health information. Based on the professional judgment of the Doctor and consistent with the law, it may at times be necessary to restrict access to personal health information by patients and guardians.
 
There are some circumstances in which access is restricted, and in these cases reasons for denying access will be explained. Eg:

  • Providing access would pose a serious threat to the life or health of any individual.

  • Providing access would have an unreasonable impact on the privacy of other individuals.

  • The request for access is frivolous or vexatious; or

  • Denying access is required or authorized by law.


Quality assurance & continuing professional development:
Personal health information will be used for quality assurance and continuing professional development activities within the practice where:
 

  • The activities are directly related to the purpose for which the information was collected and are within the reasonable expectations of the patient; or

  • The patient has given consent for the use of personal health information for these activities; or

  • The personal health information has been de-identified; or

  • The activities involve research or the compilation of statistics, have been approved by a properly constituted Human Research Ethics Committee, and are conducted in accordance with that committee’s requirements.

 
Personal health information outside the practice should, in addition, comply with relevant guidelines.
 
Where the health information enables both the patient and health provider to be identified, the patient retains the right to control the flow of that information.
 
Complaints
It is important to us that your expectations about the way in which we handle your information are the same as ours. Please do not hesitate to discuss any concerns, questions or complaints about any issues related to the privacy of your personal information with your Doctor.
If you are dissatisfied you can complain to the Federal Privacy Commissioner whose contact details are:
G P O Box 5218
Sydney, NSW, 2000
Privacy Hotline: 1300 363 992