At Sunset Bay Health Campus we are very careful to ensure confidentiality of all client and staff personal information.
All staff need to be aware that there is both State/Territory and national legislation that covers this area.
Personal responsibility and communication guidelines
All staff, contractors and other personnel employed by Sunset Bay Health Campus are required to treat all client information with the utmost confidentiality. Staff with access to confidential, private or sensitive information are not to divulge this information with any other personnel unless authorised to do so. If you are ever asked to divulge confidential information about a client by a person who has no authority to request this, please report the matter to your supervisor immediately. If you ever hear a Sunset Bay employee discussing information of a confidential and/or private nature in an inappropriate way (eg, chatting to a colleague in the office or lunch room, telling friends in a social setting), you must report the matter to your supervisor immediately.
The easiest way to follow this policy is to remember one simple rule: NEVER give out confidential and/or private information about a client unless it’s to an authorised person. This means not even to family members - we have no way of knowing a person’s family situation, and that person has the right to withold private information from his/her family members.
Sunset Bay takes the confidentiality and privacy of our clients very seriously, and will not hesitate to take disciplinary action against any employees that are in breach of this policy.
Ramifications of breeches of the confidentiality of records
In a health setting a client can take legal action against the staff member responsible under the Law of Negligence. Sunset Bay owes a duty of care to the client to prevent any "damage" to the client.
To avoid a successful claim by the client, Sunset Bay needs to be able to prove that they have steps in place to prevent such a breach taking place. These are:
- Recruitment and selection of staff, incorporating police checks.
- Induction training of new staff on confidentiality and privacy and record keeping policy and procedures.
- Yearly staff training, reinforcing hospital policies and informing staff of any changes to policies.
- Correct audited procedures for record keeping.
- Security systems in place to monitor and record computer access to information.
- Security systems in place to regulate level of access to information for different staff.
- The police are called in if there appears to be any breach.
If Sunset Bay Health Campus policy and procedure regarding confidentiality of client information is not followed, the individual staff member (or staff members) may be sued by the client rather than Sunset Bay.
ALL staff at Sunset Bay Health Campus are required to sign a confidentiality agreement when they commence employment. This is a legally binding document that clearly states your obligation to treat all client information in a confidential manner.
- Privacy of the individual’s details must be maintained at all times.
- Personal information that needs to remain confidential includes the age, gender, address, and date of birth of the individual.
- Other topics that also need to remain private are details of health issues, family information. Any other information of a personal or sensitive nature should be discussed only with the appropriate people when and where others will not overhear the conversation.
- Staff sometimes will discuss details of a person in the lift, in the corridor or in the tearoom; this is a policy breach.
Access to records
Records may be paper or computer based, stored on discs or CDs. Records have legal, administrative and cultural constraints on their storage and disposal.
- Staff do not all require the same level of access to information. The level of access required is determined by the person’s job role.
- Security passes may be issued whilst the staff member is working on a particular job, and then withdrawn if the level of access required changes.
- Staff may require ID access or an electronic door pass to access data.
- Computer access is monitored and restricted to ensure that client confidentiality is maintained.
- Documents need to remain private and confidential, and must at all times be stored in a securely locked cabinet for access by authorised personnel only.
- Documents are not to be left where members of the general public may access them as the information within them could be taken out of context or made public.
- Check with the medical staff prior to allowing family members to access documents. There may be information that the client does not wish their family, friends or others to know.
- Under the Privacy Act, clients are able to access their own health information.
Records may not be transferred from one organisation to another without management approval. Not all organisations have reciprocal privacy agreements, so care needs to be taken and the correct channels followed to ensure that any sensitive or confidential information is not passed over to someone that may not treat the information in the same confidential manner as your organisation.
Computer and Internet confidentiality
- Within an organisation there will be information that is sensitive and confidential in nature stored on the computer network.
- At no time are staff to allow access for visitors to view computer-based information. Information that is printed out must be filed in the appropriate place according to the department’s protocols.
- Any information that is to be discarded must be thrown into the locked bins for shredding prior to being discarded.
- Most organisations have a confidentiality agreement that employees sign when they first join the company. These agreements protect the privacy of clients by ensuring that all staff will not pass on information of a personal or sensitive nature to any outside source.
- All staff are issued with an ID number that gives them access to a particular level of computer access.
Release of information
- The only time transfer of information is appropriate over the telephone is between authorised personnel such as medical staff, supervisors and management. Authorised personnel will give their ID details to verify their identity.
- When answering the phone, don’t ever give out any information - refer the enquiry immediately to a supervisor, manager or member of medical staff.
- If you are ever in any doubt as to the caller’s identity, or suspect that something is not right, inform a supervisor immediately and do not comply with any requests from the caller.
Press and media requests
- Never give information to the press or media. There is always a spokesperson for the organisation that will be designated as the person to speak with them.
- Politely decline any requests and refer the person to a supervisor.
Storage of records
- Records must be correctly stored and eventually destroyed (in line with legal requirements) by authorised personnel to make sure that information of a sensitive nature is not made public.
- All records must be stored in a secure, safe area where there is no possibility of damage by pests, vermin or environmental factors.
- Records are stored both at internal organisational and registered external storage areas.
- The area must be safeguarded by security, with access determined by an ID system or electronic card recognition system to prevent access from individuals that do not have clearance.
- When stored, there is a system for location of records to allow for ease of access by authorised staff.
- Records must be transported in a safe and confidential manner ensuring that access is only given to authorised staff.
Destruction of records
- Any confidential or sensitive paperwork is placed in locked bins and shredded prior to being sent for recycling.
- Records are kept for as long as they have value, which in the case of health records varies. It is generally for 7 years after the client’s death, but can vary for certain conditions and cultural considerations.
- Each State/Territory is covered by legislation and has regulations regarding record retention and disposal. These may be accessed at www.weblaw.edu.au.