Our Avant Medico-Legal Advisory Service (MLAS) handled over 20,000 calls last year, advising members and practices on how to prevent or respond to adverse incidents. Available 24/7 in emergencies, our MLAS provides expert advice to help minimise the chance of a complaint or claim occurring. Based on common queries our MLAS has received, here are six steps to take to protect your practice.
This year, new legislation came into effect on 22 February, placing a legal obligation on doctors and practices within the private sector to notify individuals – and the Office of the Information Commissioner (OAIC) – if their information has been affected by a ‘notifiable data breach.’
A data breach must be notified if it is likely to result in serious harm and remedial action cannot be taken to prevent the likelihood of serious harm.
To reduce the risk of a privacy breach in the first place, it’s important to take the following steps in your practice:
Medicare is paying closer attention to doctors’ activities. The Department of Health is increasing its Medicare and Professional Services Review compliance activity. Medicare audits have recently been conducted in relation to the billing of initial and subsequent consultation items by specialists and the use of overnight sleep study items by sleep physicians.
Doctors are legally responsible for services billed to Medicare under their Medicare provider number or in their name. Doctors are also responsible for incorrect claims regardless of who does the billing or receives the benefit.
To ensure services are billed correctly under Medicare, practices are advised to:
Many practices are unintentionally breaching national advertising laws through the use of testimonials and social media.
In April 2017, the Australian Health Practitioner Regulation Agency (AHPRA) outlined its approach to enforcing compliance with advertising standards. With a renewed focus on advertising compliance, and significant penalties for breaches, it is important to understand how you can promote your practice while staying within the law. Review AHPRA’s Guidelines for Advertising Regulated Health Services to understand your responsibilities.
For more information on what you can and can’t advertise, read our article.
Practices are increasingly embracing technology such as SMS or email to communicate with their patients. While this certainly has benefits, it’s important to keep in mind that electronic communications may be subject to cyber threats, privacy obligations and the Spam Act 2003 (Cth).
If you are communicating with your patients via SMS, refer to our factsheet for tips when using this channel and developing an SMS messaging policy.
Patients and organisations are increasingly requesting that information be sent to them via email. Your practice has an obligation to take reasonable steps to protect the privacy and security of information it holds, including when it is transmitted or disclosed outside the organisation.
The use of passwords or encryption can reduce the risk of a data breach, although there is no legal requirement that emails be encrypted or password protected. The Royal Australasian College of General Practitioners provides guidance on using email for practices to reduce the risk of interception of data and sending emails to incorrect addresses, including:
You should have a policy and procedure in place to manage the electronic transmission of personal information, including the steps the practice will take to ensure the privacy and security of information transferred outside your practice is protected.
Practices and doctors can share a patient’s medical information with a third party if they have authority from the patient to do so or are required to by law.
Carefully read the information request and the patient’s authority to ensure the correct documentation is shared and that it’s within the scope of the patient’s authority.
Examples where legislation requires you to share health information without the patient’s express permission include:
Read our article to find out the requirements for consent, your legal obligations and when you can refuse to provide medical records. You can also watch our video, Managing requests for medical records.
In October 2017, the RACGP released the Standards for general practices (5th edition) (the Standards).
To align with the Standards, GP practices will need to update their policies, procedures and processes. It is also important that these changes are communicated to the practice team so that they are understood and implemented in a timely manner. Read our article for more information on the new modules and indicators covered in the Standards.
If you have a PracticeHub subscription, you will notice that the updated policies and procedures were added to your site from 1 December, 2017.
It is important that all practices:
Practices undertaking accreditation over the next 12 months should check with their accreditation provider about the changeover date for assessment. Accreditation providers are also conducting webinars and workshops on the requirements for practices to meet the new Standards.
By: Avant media
May 10, 2018