Privacy Policy

At Penrith Physiotherapy Sports Centre we aim to ensure absolute confidentiality and safety of all personal health information collected regarding our patients.

Nature and scope of this practice policy 

This practice policy primarily addresses the management of “personal health information” in the practice.

This practice policy covers the following areas:

  • Privacy
  • Third party access
  • Access by a new physiotherapist or other practitioner
  • Patient access
  • Security
  • Staff training
  • Informing new patients
  • Marketing materials
  • Complaints/Feedback Policies & NDIS Complaints

Personal health information is defined as information which concerns a patient’s health, medical history or past or present health care; and which is in a form that enables or could enable the patient to be identified. 

This policy is based on the 2001 RACGP/CPMC Best Practice for the Management of Health Information in Medical Practice.   The handbook is consistent with the national Principles for the Fair Handling of Personal Information in the Federal Privacy Act 1988 as amended and with AVT, Victoria and proposed NSW health Privacy Legislation.

While the policy focuses on the management of the patient’s medical record, it also relates to information recorded, for example, in billing and accounting records, pathology and radiology results, medical certificates and letters to and from hospitals and other doctors.

Retention and Culling of clinical and administration records

All hard copies of information are stored safely and securely on the premises and kept for a minimum of 7 years after final attendance at the practice. In the case of a child, files are stored for 7 years after the final attendance after the child has turned 18 (25 years of age).

Our practice software stores some administrative and clinical records.

All electronic records are kept indefinitely and are made inactive at the discretion of the practice manager and treating practitioner or practice partner in the event the treating practitioner is unable to advise.

If necessary inactive electronic records are made active again using our computer software.

No record will be destroyed at any time without the permission of the treating practitioner or of a practice partner if the treating practitioner is no longer involved in the practice.

In the event of a practitioner being deceased or transferring out of the practice, the practice will post a notice in the practice waiting room or on the practice website informing patients.

OR a departing practitioner may choose to individually inform each patient, asking the patient to nominate a practitioner to whom the record should be transferred.

If the practice closes, patients will be contacted individually or, if this is not practical, a public notice will be placed in the local newspaper indicating the way in which patients should arrange for the transfer of their record to another physiotherapist.

When hard files are due to be destroyed they are shredded as directed by the Practice Manager.

1.  Privacy

All practitioners and staff will take steps to ensure that patients can discuss issues relating to their treatment and that the practitioners and other staff can record relevant personal health information, in a private setting where unauthorised people cannot access the information.

For example: practitioners will ensure that consultations are conducted in a manner that prevents conversations from being overheard. Staff will not enter a consultation area without communicating with the practitioner.   Staff, other practitioners and students should not be presented during the consultation without the prior permission of the patient.

There is auditory privacy in the waiting areas. The receptionists speak softly without mentioning patient’s full name, health conditions or problems.

Consultation areas have a modesty curtain to ensure patient privacy.

2.  Access to the Health record and to personal health information by practice staff and for practice research and Quality Assurance.

Patients are informed of who in the practice has access to their records.

Such information is displayed on the practice website.

Patients will be informed and consent gained if the practitioner undertakes research and quality improvement activities in which patient information is to be used.

The practitioner responsible for the activity will ensure that appropriate information is available from the reception staff for patients.

Access to identified records without patient consent may occur if this disclosure is necessary for the practitioners in the practice to carry out a review of their practice for the purpose of improving the quality of care provided and the activity has been approved under Commonwealth or State legislation or by a professional college. This may occur for example during a record audit carried out as part of practice accreditation. This provides safeguards to protect the confidentiality of the information provided.

When research projects are conducted in the practice under the approval of an institutional ethics committee, staff must be aware of the requirements to obtain consent specified in the research protocol and ensure that consent is properly obtained.

Where possible identifying information will be removed from personal health information being used for research and QA activities. Where this is not possible, internal staff accessing personal health information are aware that they are under an obligation of confidentiality not to disclose the information.   Breaches of that obligation may result in dismissal. The responsible practitioner will ensure that any external researchers are also under an explicit written obligation of confidentiality with appropriate penalties for disclosure.

Other disclosure

Practitioners and staff will ensure that personal health information is disclosed to third parties only where consent of the patient has been obtained. Exceptions to this rule occur when the disclosure is necessary to manage a serious and imminent threat to the patient’s health or welfare, or is required by law.

Practitioners will explain the nature of any information to be provided to others about the patient, for example, in letters to referrers, other practitioners and hospitals. If appropriate the letter may be shown to the patient. In terms of a letter patient consent is implicit in their agreement to be referred by their referrer or to take the letter to a hospital or other practitioner.

Practitioners and staff will only disclose to third parties that information which is required to fulfill the needs of the recipient.

Information disclosed to Medicare or other health insurers will be limited to the minimum required to obtain insurance rebates. Information supplied in response to a court order will be limited to the matter under consideration by the court.

Information classified by a practitioner or patient as restricted will not be disclosed without the explicit consent of the patient and/or practitioner.

3.  Access to the record by a new treating practitioner

Access to accurate and up-to-date information about the patient by a new treating practitioner is integral to the practitioner providing high quality health care. If a patient transfers away from the practice to another practitioner, and the patient requests that the health record is transferred, the existing practitioner will provide a copy of the record. This may incur a reasonable administration charge.

4.  Patient access to records

It is practice policy that all patients have access to the health information contained on their file. The treating practitioner will provide an up-to-date and accurate summary of their health information on request or whenever appropriate.

The treating practitioner will consider in a timely manner any written request made by a patient for access to the health record itself. In doing so he/she will need to consider the risk of any physical or mental harm resulting from the disclosure of health information.

If the practitioner is satisfied that the patient may safely see the record then he/she will either show the patient the record, or arrange for provision of a copy and explain the contents to the patient.   A charge may be incurred by the patient for any copying.

5.  Security

Practitioners and staff will protect personal health information against unauthorised access while it is being stored and transmitted.

Staff will ensure that patients and other visitors to the practice will not have access to the health record and that records or any other papers containing personal health information are not left where they may be accessed by unauthorised persons.

Non-clinical staff will limit their access to personal health information to the minimum necessary for the performance of their duties.

Fax, e-mail and telephone messages will be treated with security equal to that applying to health records.

Computer screens will be positioned in a way which prevents unauthorised viewing of a patient’s personal information.   Staff will ensure that computers left unattended cannot be accessed by unauthorised persons.

Practitioners and staff will ensure that personal health information held in the practice is secured against loss or alteration of data.

Patient records will not be taken away from the practice except when required by clinical staff for the care of a patient and kept securely during this time.   The responsible clinician will ensure that the record is returned to the practice and left in an appropriate place for filing.

Health records and other papers containing personal health information are either securely disposed of or filed promptly after each patient contact.

Staff will ensure that the computers are secured with a password and that the building is locked when leaving.

The data on the computer system will be backed up daily and a duplicate backup tape given to the nominated staff member for storage off site. Computer systems are constantly updated with latest virus and firewall protection.

6.  Staff training

On induction, all practice members are trained in the importance of confidentiality. All staff sign a confidentiality statement stating that breaching confidentiality is a dismissible offense.

Staff are encouraged to attend Receptionist Seminars, where available, as these contain segments on the management of personal health information.

The staff induction program will contain a specific segment on the management of personal health information.

7. Marketing Materials

We strive to deliver highly educational content and ways to improve your overall experience as a patient. We would like to send a periodic email from time to time to keep you updated. You can UNSUBSCRIBE to these emails by clicking the link at the bottom of the email sent to you.

Complaints / Feedback Handling Policy

A complaint is an expression of concern, dissatisfaction or frustration with the quality or delivery of service, a policy or procedure, or the conduct of another person.

  • Complaints can be made via email, phone, written letter or verbal conversation.
  • The Practice Manager is the designated Complaints Manager who will co-ordinate the management of complaints.
  • Complaints received from patients and/or staff through all form of communication (phone, email, letter, verbal conversation) must be bought to the attention of the Practice Manager.

The Complaints Manager must:

  1. Explain to patient/staff how they can submit a complaint i.e. phone, email, letter, verbal conversation
  2. Acknowledge to the patient/staff that the complaint has been received. If appropriate thank the person for bringing the matter to your attention and explain the complaint will be processed and acted upon promptly.
  3. Record details of the complaint. Check that you have understood and recorded the details of the complaint correctly. Ask for clarification of the facts if necessary.
  4. Assess the Complaint. If the complaint poses a risk to patient/staff health and safety, disputes the quality of service provided or effects the reputation of the business the complaint must be passed on to the Business Manager and Partners within 1 business day.
  5. Business Manager and Partners will discuss appropriate response and course of action for the complaint and report back to the Practice Manager.
  6. The Complaints Manager must ensure all complaints are responded to within 5 business days and follow-up on Business Manager and Partners decision if this timeframe is breached.
  • Practice Manager will respond to complaints from patients and administration staff after a decision has been made by Business Manager and Partners as to the appropriate course of action.
  • Complaints made by professional staff will be responded to by the Business Manager and Partners

NDIS Complaints and Feedback

How to make a complaint?

Penrith Physiotherapy Sports Centre strives to provide professional, high quality clinical care for all patients. If you feel we not provided a level of care or service that meets these standards, you can make a complaint or provide feedback by contacting our Practice Manager via our contact options available here.

If you are not satisfied with your response from Penrith Physiotherapy Sports Centre, you can contact the NDIS Commission by calling 1800 800 110, visit one of their offices in person or through the NDIS website, .