It is the Policy and Procedure of this Practice that all staff members sign a Confidentiality Agreement with the Practice stating that they understand this practice’s requirement to protect the privacy of information of all patient records including clinical data, accounts, verbal discussions, written documents including those emanating from computers or facsimile machines, heard, written, received or otherwise produced by others or themselves which are deemed strictly private and confidential and are not to be discussed or in any way released to anyone except under instruction by the Practice Principals or designate, and according to privacy law.


This privacy statement is binding even if that staff member is no longer employed by this practice.


They understand and are aware of the confidentiality requirements and recognise that significant breaches of confidentiality may provide grounds for instant dismissal.    




Reception staff of our Practice will collect all demographic information on patient including:

  • The patient’s full name

  • “preferred name”

  • Date of birth and age

  • Sex

  • Ethnicity

  • Both residential and postal address

  • Home phone number, work phone number and mobile phone number including which phone number the patient wishes to be used as the best contact number

  • Consent to SMS reminders

  • Third party consent for patient appointments, progress notes, investigations, results and requests to any specialist

  • Any appointment notes

  • Obtain health identifier number

  • Medicare number

  • Pension number (if any) and details including pension card type

  • DVA if applicable

  • Usual doctor

  • Health insurance fund and number if applicable

  • The patient will identify their next of kin and contact details for that person

  • The patient to advise of the emergency contact person and contact details for that person

  • Occupation


This information is collected as part of the patient’s full medical records. This information may be used in practice searches to identify different age groups so we can offer Health Checks at the age appropriate times.




Our GP’s, Allied Health Providers, and Practice Nurse have access to the patient’s full health record details including progress notes, investigations, past history, current and past prescription history, observations, social and family history, correspondence both in and out, enhances primary care details, health assessment details and clinical data. This information is collected and used to best care for our patients in a holistic and private manner.




Our practice is considered paperless and has systems in place to protect the privacy, security, quality and integrity of the personal health information held electronically.


At any given time, our practice does not leave personal health information of patients where members of the public could see or access that information.


Our Practice uses Best Practice Software which allows us to give each staff member set permissions and access to patient health information. These permissions are allocated to each staff member via their own unique individual password.


Reception staff: will have access to patient demographics, appointment bookings and messages from doctors. These messages from the doctors may include:


The doctor can at any time send a message to a reception staff member advising them to contact the patient and advise of a result. The reception staff member only has access to exactly what the doctor advises and at no stage does that receptionist have the authority or permission code to access a patient health record for further advice. If the patient requires further information regarding a result, they will be asked to book an appointment with the doctor to discuss further or in special circumstances a message can be sent to the doctor asking for further advice.



Reception staff have access to any incoming correspondence that needs to be scanned into a patient record. This is scanned through the Document Import section of the Best Practice Program, thus not needing access to open the patient record to scan. After the document is scanned, it is then put in a locked container awaiting confidential shredding (our contractor for this is: Westhaven Confidential and Security Shredding).


Practice Nurse: The Practice Nurse has access to the patient’s health record for recording a contact with a patient either face-to-face, by telephone or a message received enquiring into information needed by the patient. The Practice Nurse also has access to patient records for follow up at a GP’s request.


Practice Manager: The Practice Manager has access to patient demographics, billing and outstanding requests made by a GP. The Practice Manager has access when necessary to view a patient’s health summary and print to forward to another medical facility when requested in writing. The Practice Manager will also be able to access a patient’s record when a patient requests a copy of a result, specialist letter or any other information within the patient’s record that the patient requests.


General Practitioners: The GP’s of this Practice have full access to patient records when relevant and necessary.


Medical Students: Medical students are only authorised to view a patient’s health record when both the regular doctor and the patient give their consent to do so.


Allied Health. The Allied Health Providers of this Practice have full access to patient records when relevant and necessary.




If a patient requests access to their medical record for a copy of a result, specialist letter, health summary etc. they will need to complete and sign an Access to Patient Health record Consent form which must then be scanned into the patient’s records. This form is accessible through the letter writer in the patient’s record.


This form is then given to the Practice Manager who will open the patient’s record and print the relevant information that the patient has requested. This information will be then placed in a sealed envelope and distributed to the patient via the means requested on the request form.




It is the policy and procedure of this practice to obtain a signed consent form from a patient’s new medical practice including both the new doctor’s signature and also the patient’s signature before transferring a medical record. Necessary forms to transfer a patient’s record are available via the letter writer in the patient’s notes.


When our Practice receives a request for medical notes:

  • The request is given to the Practice Manager

  • Both the doctor and patient have signed the release form

  • The Practice Manager will firstly look at the amount of material requested.

  • For small amounts of information: a copy of the health summary and most recent investigations are printed and faxed with a cover letter to the new Practice

  • For larger amounts of information: a request for payment may be issued to the patient prior to sending large amounts of information; however, a health summary will ALWAYS be faxed upon receipt of any request for patient records.

    • When the fee for transferring the medical records is received the records will be sent via one of the following:

      • Fax (Depending on number of pages in the document)

      • Registered Post

      • Argus

      • CD




It is the policy and procedure of this practice that when we request a patient’s health record from a previous GP, we ask the patient to sign a Request for Patient Record form which will give the previous and current address details. When the patient has completed this form, the GP requesting the notes will sign the form and patient identification will be attached to the form and faxed or posted to the previous Practice.  Forms are accessible through the letter writer within the patient’s records.




It is the Practice Policy and Procedure to ask the patient’s permission to have a Medical Student, ECT Supervisor, Nursing Student or any other medical person sit in on the patient’s consultation. This is documented in the appointment book and also the patient’s records. We have an auto fill which the GP will use to document consent.


If the patient would like a family member, friend or other person to be present in the consultation this must be documented by the GP using the auto fil – TPC – adding in the third person consent.


It is the Practice Policy and Procedure to obtain third party consent when a patient attends for their initial consultation. The patient is asked to complete a New Patient Information Sheet which contains a question in relation to third party consent.  If third party consent is given, a separate form MUST BE completed and scanned into the patient’s medical records.


Third party consent can be documented in the Work Phone number section of the demographics:


                                       Example: T/P husband




It is the Practice Policy and Procedure to respond to all complaints regarding privacy related matters.


The complaint is documented in the complaints register by using a complaints form.


A letter is then written to the person lodging the complaint or who have verbally advised that the practice has breached the privacy of the patient. A copy of our Privacy Policy is attached for their perusal along with a copy of the patient’s signed consent.


However, this Policy has been altered in October 2013 in accordance to Standards 4 with the RACGP.


(Prior to this verbal consent was documented in the comment box in the patient’s demographics and in the Workplace Number section of the demographics as well as the new patient information sheet. However, this question was only asking if the patient allowed third party consent – Yes or No.)




In our practice, we retain paper-based health records for a patient aged over 25 years of age for a minimum of seven (7) years, and inactive electronic patient health records are retained indefinitely.


These are either stored in the patients clinical file in Best Practice or via a paper file which is locked in our file room.


Privacy and confidentiality are maintained during the destruction process to ensure information contained in the records is not divulged or seen by unauthorised persons. Records will be destroyed by shredding or pulping, in a secure environment, where a contracted document destruction company is used to undertake this task.




In October 2019 a new collection statement was added to the New Patient Information Form containing:


  1. The identity of the Practice

  2. The fact that patients can access their own health information

  3. The purpose for which the practice usually discloses patient health information

  4. Any law that requires the particular information to be collected (e.g.: notifiable diseases) 

  5. The main consequence for the individual if important health information is not provided