Confidentiality
Last updated Wednesday, 20th May 2023
Purpose
Grow Thrive Shine employees understand that all client information is private and confidential. Employees are responsible for maintaining client privacy in accordance with all federal and local / state regulations.
Policy
Under no circumstances will employees of Grow Thrive Shine Occupational Therapy discuss, or in any way reveal client information to unapproved employees, colleagues, other clients, family, or friends, whether at the practice or outside of it, such as in the home or at social occasions. This includes client accounts, appointments, referral letters, or any other clinical documentation.
Grow Thrive Shine Occupational Therapy practitioners and other employees are aware of confidentiality requirements for all client encounters.
Privacy
Purpose
The purpose of this policy is to clearly state the process for handling personal information, including health information.
Policy
Grow Thrive Shine Occupational Therapy employees have a responsibility to maintain the privacy of personal health information and related financial information. The privacy of this information is every client’s right.
This policy outlines how the practice handles personal information collected (including health information) and how the security of this information is protected. A privacy statement is made available to clients and anyone who requests it.
There are no degrees of privacy. All client information, including the information of employees who may be clients, must be considered private and confidential, even that which is seen or heard. Therefore, such information is not to be disclosed to family, friends, employees, or others without the client’s approval. Sometimes details about a client’s medical history or other contextual information, such as details of an appointment, can identify them – even if no name is attached to that information. This is still considered health information and it must be protected. Client information may not be disclosed either verbally, in writing, in electronic form, or by copying either at the practice or outside it, during or outside work hours, except for strictly approved use within the client care context, or as legally directed.
Informed Consent
Clients are informed of practice policies regarding the collection and management of their personal health information via the Grow Thrive Shine Website and on the Consent form that they sign.
Staff Access
Grow Thrive Shine Occupational Therapy client health records can be accessed by an appropriate team member when required. All client health records are electronic and accessible by appropriate employees.
Grow Thrive Shine Occupational Therapy employees have different levels of digital access to client health information. To protect the security of health information, employees do not give their computer passwords to others in the team.
Personal health information should be kept where employee supervision is easily provided and kept out of public view and access.
Computer Security
Active and inactive client health records are kept and stored securely.
This practice is considered paperless and has systems in place to protect the privacy, security, quality, and integrity of the personal health information held electronically. Appropriate employees are trained in computer security policies and procedures.
Grow Thrive Shine Occupational Therapy computers and servers comply with computer security standards.
Care should be taken that the general public cannot see or access computer screens that display information about other individuals. To reduce this risk, automated screen savers should be engaged.
Correspondence
Electronic information is transmitted over the public network in an encrypted format using secure messaging software.
Incoming client correspondence and diagnostic results are opened by a designated employee.
Items for collection or postage are left in a secure area out of public view.
Printers and other electronic communication devices in the practice are located in areas that are only accessible to practitioners and other approved staff.
Emails are sent via various nodes and are at risk of being intercepted. Client information may only be sent via email if it is securely encrypted according to industry and best practice standards.
Privacy information legislation
The Health Records and Information Privacy Act 2002 (HRIP Act) applies to health privacy
https://legislation.nsw.gov.au/view/html/inforce/current/act-2002-071
The Privacy and Personal Information Protection Act 1998 (PPIP Act) applies to non-health personal information.
http://www8.austlii.edu.au/cgi-bin/viewdb/au/legis/nsw/consol_act/papipa1998464/