Privacy and managing health information in general practice

Information management for general practice business information

The business of general practice

Privacy and managing health information in general practice
Download PDF
  1. References

Last revised: 24 May 2023

The business of general practice

 

The business of general practice

  • Consent for the use of health information for internal business practices is assumed.
  • Patients should be informed if your practice rotates GPs.
  • Consent should be obtained before collecting and disclosing health information between related bodies corporate or service trusts.


The use of health information for business purposes

Patients can expect their personal information to be used for the following secondary purposes without specific consent being provided:

  • ‘normal internal business practice, such as auditing and business planning’4
  • billing or debt recovery (confidentiality should be maintained).

This expectation also extends to practice staff having access to patient health information for these same purposes.

Practices should seek advice confirming this before disclosure to any third-party service provider involved for these purposes.

Group practices

In group practices that allocate GPs to patients based on availability, a patient’s health information will be disclosed to and used by whichever GP sees the patient.

New patients should be informed of this rolling or rotating use of GPs. Patients should also be notified of the consulting GP when booking their appointment. In this situation, consent can be inferred to the use and disclosure of the patient’s health information if the patient does not otherwise object to seeing the allocated GP.

This principle extends to new GPs employed into existing practices or partnerships.
 

  1. Australian Government, Office of the Australian Information Commissioner. Australian Privacy Principles quick reference. 2014 [Accessed 7 November 2022].
  2. National Health and Medical Research Council, Australian Research Council, Australian Vice-Chancellors’ Committee. National statement on ethical conduct in human research (2007) (updated 2018). 2018 [Accessed 16 January 2023].
  3. Commonwealth of Australia. Privacy Act 1988.1988 [Accessed 7 November 2022].
  4. Australian Government, Office of the Australian Information Commissioner. Australian Privacy Principles guidelines: Privacy Act 1988. 2015 [Accessed 16 January 2023].
  5. Australian Government, Attorney-General. Parliament approves Government’s privacy penalty bill. 2022 [Accessed 16 January 2023].
  6. Medical Board of Australia, AHPRA. Good medical practice: A code of conduct for doctors in Australia. 2020 [Accessed 16 January 2023].
  7. Australian Government, Office of the Australian Information Commissioner. Business resource. Chapter 9: Research. 2019 [Accessed 16 January 2023].
  8. Australian Government, Office of the Australian Information Commissioner. Chapter 5: APP 5 – Notification of the collection of personal information. 2019 [Accessed 8 November 2022].
  9. Australian Medical Association. Frequently asked questions – Fees. [date unknown] [Accessed 8 November 2022].
  10. Australian Government, Office of the Australian Information Commissioner. Privacy for organisations: Trading in personal information. [date unknown] [Accessed 16 January 2023].
  11. National Health and Medical Research Council. Use and disclosure of genetic information to a patient’s genetic relatives under Section 95AA of the Privacy Act 1988 (Cth) – Guidelines for health practitioners in the private sector. 2014 [Accessed 16 January 2023].

Advertising