Patient Access to Personal Health Information Policy & Procedure

 

1. Purpose

This policy outlines how patients may request access to their personal health information at Middle Road Medical Centre, ensuring compliance with the Privacy Act 1988, Australian Privacy Principles, and RACGP Standards.

2. Scope

This policy applies to all patients and all staff involved in handling personal health information in any form.

3. Policy Statement

Patients have the legal right to access their personal health information. All requests will be processed promptly, managed securely, and provided in an appropriate format unless a lawful exception applies.

4. What Information Patients Can Access

Patients may request access to:
• Full medical record
• Medical summaries
• Test results
• Immunisation history
• Consultation notes
• Medication lists
• Care plans
• Correspondence related to their care

5. How Patients Can Request Access

• Verbal request during consultation or at reception (must be documented)
• Written request via email, letter, or completion of the Patient Health Information Access Request Form
• Third-party requests must include written patient consent

6. Identity Verification

Staff must confirm full name, date of birth, and address or other identifiers before releasing personal health information.
Third parties must provide verified consent and authority to act.

 

 

 

7. Processing Access Requests

• Request acknowledged within 5 business days
• Information provided within 30 calendar days
• Released via printed copy, secure email, summary, or My Health Record upload
• Fees may apply for printing, administration, or postage

8. When Access May Be Refused

Access may be refused if release would:
• Pose a serious threat to life, health, or safety
• Impact another person’s privacy
• Breach a law or court order
• Relate to legal proceedings
A written explanation will be provided if access is refused.

9. Documentation Requirements

Staff must document:
• The request
• Identity verification
• Information released and method used
• Fees charged
• Date finalised
• Reason for any refusal

10. Security and Privacy Requirements

Information must only be released using secure, approved methods. Staff must not release information to unauthorised persons. Any breach must be reported immediately to the Practice Manager.

11. Complaints About Access

Patients may lodge complaints with:
• Practice Manager
• Office of the Health Ombudsman
• Office of the Australian Information Commissioner (OAIC)
Complaints are handled confidentially and promptly.

12. Review of Policy

This policy will be reviewed annually or sooner if privacy legislation or RACGP Standards change.