Principles of Confidentiality, Privacy, and Security in Medical Environment

Working within Accepted Codes of Conduct

Apply the principles of confidentiality, privacy and securitywithin the medical environment

This unit specifies the outcomes required to apply principles and requirements relating to confidentiality, privacy and security to own work within the medical environment.
It covers the elements:

Work within accepted codes of conduct
Follow confidentiality and privacy procedures
Follow security procedures

Introduction
Part of the Hippocratic Oath pledged by doctors states - “I shall respect the secrets confided in me”. A secretary is the doctor’s agent and is expected (by law) to do the same. Confidentiality is often broken by carelessness rather than deliberately. For example:
The list for tomorrow’s patients is on your desk. A patient comes out to make an appointment, reads the list (upside down) and comments that they didn’t know “so and so” was attending the same specialist. You ring a patient’s work number to change an appointment. You give the 
correct name and phone extension number and start to say where you are from when you realise the person you are talking to doesn’t know what you are talking about. The switchboard operator has put the call through to a person by the same Christian name at a different extension. A patient in a small town goes to see her doctor. There is a patient by the same name and the doctor starts to give out information of an extremely personal nature when he realises he has the wrong file.

A few guidelinesare:

When people ring for results make sure they are the patient themselves Be careful when talking on the phone if patients are waiting in front of you Don’t be tempted to discuss matters with family members or friends Don’t be tempted to discuss matters with other employees not concerned with the patient’s treatment Never turn the appointment book around to show the patient ? Be careful when sending confidential faxes. It is a good idea to ring the recipient and advise them to wait by the fax Workwithin acceptedcodesof conduct When working in a medical office, staff will often come across private and confidential information. Each practice will often have their own codes of practice, although government legislation stipulates certain rules. A good guideline is to put yourself in the place of the patient. Would you like certain information to be given out if you were in their situation? Obviously each one of us would like to be treated with respect. Reputations travel quickly. 

Follow Confidentiality and Privacy Procedures

If we take care to behave with honesty and integrity at all times we will be known by this. On the other hand word quickly spreads if people find their private matters have been discussed by unauthorised people. (Legal implications would also apply).
Clarification should be sought with relevant personnel of unclear or ambiguous procedures. Ideally the tasks that have been delegated would be under the supervision of the health practitioner or senior administrator. They would review and approve any situations involving confidentiality.
Codesof conduct(continued) Usually administrative matters are handled by the clerical staff, therefore matters related to health raised by patients are referred back to medical practitioners.

From time to time there may be a conflict of interest or potential conflict of interest. For example you may be working in a sensitive area and realise that a new patient knows you and could be embarrassed if you are aware of their problem. In this case promptly let the manager or supervisor know of the situation and they can decide what to do.
It is important that records are kept up-to-date and tasks are completed as required neatly, accurately and in a timely manner. In this way sensitive material is not left lying around.

Follow Confidentialityand Privacy Procedures
PrivacyActand Freedom of InformationAct In December, 2001 new legislation came into force regarding privacy laws and ownership of files (Privacy Act 2001). Another related law is the Freedom of Information Act.
The Freedom of InformationAct 1989 is designed to extend the rights of the public to obtain access to information and to ensure that records concerning the personal affairs of members of the public are not incomplete, incorrect, out of date or misleading. (Release of Information is a simpler method of allowing you access to your medical record than using the Freedom of Information Act).

Broadly speaking under the Freedom of Information Act a patient can receive information regarding their own health unless the medical practitioner decides that it would be detrimental to the patient’s physical or mental health to be given certain information.
The PrivacyAct Under this act information should not be given to third parties unless the patient has given written permission. There are exceptions to this rule where certain conditions need to be given to the state health department or where information is urgently needed for the patient’s treatment. Most probably senior staff members will have contacted your local state health department to know what can and cannot be disclosed.

Follow Security Procedures

If you are a receptionist or secretary you will be in the frontline for requests for information. It is important to have a clear idea of what is and what is not disclosable and also have a standard answer ready for unauthorised requests for information. Information requested may include details of patients’ conditions, names and addresses of patients, financial information, passwords or security arrangements etc. Discretion and judgement should be used in all communications.

If in doubt always go to the relevant personnel for advice and clarification where potential confidentiality issues arise in dealings with patients, their families and others. For example, a member of the patient’s family or another party may seek to obtain information that is confidential or private and is insistent that the information is provided.

Patient-related matters should be discussed only within the confines of the facility and with appropriate personnel. For example:
A relative comes to visit the receptionist from interstate. She comments that a local resident has died but no-one knows what from. The receptionist knows of that patient and the circumstances of their death. (It is a very small world!)

A staff member comes out to have a chat with the receptionist about an interesting letter she has typed. The patient’s relative is sitting within hearing distance.

Relevant personnelmay include:

supervisor/manager health practitioners

partners in the business

other specialised staff Follow Security Procedures
To maintain confidentiality, privacy and security patient records and other confidential documentation should be stored and secured appropriately. This may be in locked filing cabinets or in password protected computers.
From time to time old documents need to be taken to a secondary storage area. 
All documents required by legislation to be stored for certain periods of time are clearly labeled and stored securely according to organisational policies and procedures. When it comes time to dispose of these records they should be destroyed and not merely thrown out. Drugs, equipment and other materials requiring secure storage and potentially posing an OHS threat to others, should be stored securely at all times.

In Summary

Be aware of current legislation regarding release of information

Don’t leave confidential documents lying around

Don’t discuss confidential and private matters away from the workplace or with colleagues not involved in the patient’s care

If in doubt, check with a supervisor or colleague before releasing information

Take into account OHS issues when securing drugs etc.