This document is to inform patients and doctors about the information handling procedures of SydPath, the pathology service of St Vincent’s Hospital, Sydney. As a health provider to the private as well as the public sector, SydPath is bound by the ten National Privacy Principles (NPP).
These are listed in summary below. These principles set the standards by which we handle an individuals personal information. (This paragraph refers to NPP 5).
Personal information is collected from the doctor when a test is requested. Such information includes patient identifiers such as name, address, sex and date of birth, as well as the tests requested and brief clinical notes supplied with the request. Such information is required to accurately identify the patient to whom the results belong, as well as to allow any interpretation of the results produced.
Patients may be asked to verify such personal details at the time of collection. In addition the laboratory will have the results of any tests requested.
Note that while the use of an alias for privacy reasons is allowable we discourage this practice as it may lead to patient misidentification and mismatching with previous results. Additionally the cost of tests requested under an alias cannot generally be claimed under Medicare. Note that we do not use any Commonwealth Government identifiers for internal record keeping purposes. (NPPs 1,7,8)
Personal information is handled with utmost respect for privacy and accuracy. Within SydPath the information will only be viewed by our professional staff, including doctors, collectors, scientists and clerical staff as required to provide a comprehensive pathology service. All our staff are bound by strict confidentiality requirements as a condition of employment. Additionally other companies, for example Information Technology providers, may access patient data in the performance of their duties. These companies and their employees are subject to strict privacy guidelines. Every effort is also made to ensure that any information is up to date, free from error and secure. (NPPs 3, 4 & 10).
It is our practice only to release results to the treating medical practitioner or such other doctors the patient or treating doctor may request. There are however several occasions where details may be required by law to be forwarded to various public health agencies. Examples include notification of toxic levels of certain substances like lead, certain infections, and notification to the Australian Cancer Registry. In the very rare circumstances that such reporting may be outside of Australia the same privacy guidelines will apply.
Certain laboratory results are treated with additional privacy concerns. In particular these include results of HIV tests and certain genetic tests. These results will only be made available to the treating doctor. Note that as a teaching hospital patient results may discussed for educational purposes, but only with strict attention to preserving the anonymity of the patient. (NPP 2 & 9).
Releasing results to patients
While we recognise that patients have a right to access their results, we follow the policy of the Royal College of Pathologists of Australasia such that, wherever possible, results are viewed first by a doctor with a duty of care for the patient. The doctor is then able to discuss the meaning of the results and make a copy available to the patient if it is considered appropriate. If a patient wishes to obtain a copy of SydPath pathology results, we request that the patient asks the treating doctor who will be able to supply a copy of the results. If a patient wishes to obtain a copy of their results directly from us, we request that the patient obtains signed approval from the treating doctor and arrange for us to prepare the report. We will need photographic identification before releasing results. If you have any further questions on this matter please call and ask to speak to one of our pathologists. (NPP 6).
The National Privacy Principles
- Information collection: Information collected must be the minimum necessary, collected with consent and with information about how that data will be used.
- Use and Disclosure: Information may only be used for the purpose for which it was collected unless the patient specifies otherwise.
- Data quality: The organisation must ensure that data is updated with most recent available information.
- Data Security: Health services should protect information against security risks including loss, misuse or unauthorised access.
- Openness: A provider must develop a document which clearly explains for consumers how heath information is handled.
- Access and correction: A patient has a general right of access to their own health records.
- Identifiers: Providers may not use a Medicare number or similar Commonwealth Government identifier as an identifier for record-keeping systems.
- Anonymity: Where lawful there is no requirement for patients to identify themselves in order to use the health service.
- Transborder data flows: Should data be transferred overseas the provider needs either assurance that these principles will be followed overseas or permission from the patient.
- Sensitive Information: Handling of sensitive information requires appropriate procedures.
Further information on Australian privacy guidelines is available at: www.privacy.gov.au