A reminder about privacy

COVID-19 is very serious public health responsibility and we are being trusted to provide services of the highest standard for clinicians and their patients. Given the considerable media and public interest in the virus, it’s timely to take a moment to remember our obligations to protect the confidentiality of patient information:

  • We may only access, use and disclose health information for the purpose of treatment and ongoing care of patients. If there is no need to look as part of your work, don’t. This is also true for our own records and those of our family and friends.
  • We must not intentionally disclose or use any information about the health or identity of an individual except where it is necessary for us to do our work (eg. Provide a patient’s pathology results to their referring clinician).
  • What we see and hear at work, must stay at work – we don’t discuss personal or health information with anyone who does not need the information to do their work (eg. colleagues in the lunchroom, or at home with our family and friends).
  • Protect any personal or health information in our care from unauthorised access by keeping records secure. Ensure we log out of electronic medical record (eMR) systems when we have finished our session, and never share our passwords with other

Remember if you suspect, or are informed, that a work colleague has breached a patient’s privacy you must report it to your manager and to NSWHP’s Privacy Contact Officer Matthew Ryan.

Local Health Districts routinely audit their electronic medical record systems for inappropriate access. Those who do the wrong thing will be caught.

There are serious penalties for staff who breach privacy, ranging from disciplinary action such as suspension and dismissal to an $11,000 fine or two year’s imprisonment (or both). Referral to the NSW Police Force and the Independent Commission Against Corruptions is also possible.

More detailed privacy information:

  • Privacy Leaflet for Staff summarises the privacy law requirements for NSW Health staff.
  • E-learning Privacy module 1 – Know your Boundaries – HETI My Health Learning - which should be completed as part of onboarding/induction but can be completed again as a refresher.
  • NSW Health Privacy Manual for Health Information provides staff with guidance on their obligations under the Health Records and Information Protection Act 2002 and is a useful resource for staff to read for further information.
  • NSW Health Privacy Management Plan explains how NSW Health complies with its obligations under the Privacy and Personal Information Protection Act 1998.
  • NSW Health Code of Conduct defines standards of ethical and professional conduct that are required of everyone working in NSW Health. Section 4.5 of the Code outlines requirements in relation to privacy and confidentiality of information.