Privacy Tips for Providers and Suppliers

Transcription

1 Privacy Tips for Providers and Suppliers Privacy Tips for Suppliers It s important to constantly remind ourselves of the basic privacy principles and how these apply to the protection of personal information. There are 12 information privacy principles at the core of the Privacy Act, which can be summarised into the following key points using the PADLOCK acronym which are based on tips from the Privacy Commissioner. The information you collect must be connected to the function of your business or service delivery. P PURPOSE You must have a clear need for the information you collect and use. When requesting information from another source, be clear and specific about what you need and why. You should request that the sender includes a list of all documents attached to their communication and advise them if any of the documents are missing. If you cannot reasonably justify why you are holding a piece of information, delete or safely destroy it. Check regularly for any change in address or other contact details and update all related records. Any information NOT relating to the client should be immediately removed and relocated to the correct file or safely deleted or destroyed. A ACCURACY Information should be complete and correct. If any records appear unclear or contradictory, clarify directly with the client or immediate source of that information. Correct any mistakes promptly and ensure corrections to records are clearly documented as such, and signed and dated. Advise any recipients of incorrect information of such errors or corrections. When requesting information from another source, be clear and specific about what you need and why. D DATA MINIMISATION Collect and keep only what is necessary Remove and safely delete or destroy any duplicate information from client files. When reviewing client files, remove and safely delete or destroy any information that is irrelevant to the safe provision of services. Where records have been scanned and saved to an

2 electronic file, there is no need to retain the hard copy record (unless the quality of the scanned document is poor). L LIFECYCLE Only keep what is needed. Dispose of any information you don t need safely Be aware of the legislated timeframes for retention of health information (generally a minimum of 10 years, though this can be longer if specifically requested by the client or related to research data). Personal information must not be kept any longer than is needed for the purpose for which it was collected. For those providing episodic services for ACC (i.e. clinical assessors asked to provide an opinion based on review of other reports and documents), you should return or safely destroy all records once your report has been accepted by ACC. ACC will have copies of all records, should you need to access them again. Ensure computer systems allow electronic footprinting Ensure regular back-up of stored data O ONGOING RESPONSIBILITY Encourage proprivacy use of technologies now and in the future Ensure appropriate security measures are built into your system Ensure delegations allow appropriately restricted access of staff to certain parts of the system Ensure ongoing technical support and maintenance to protect against loss or corruption of data in the future Hard copy records should be kept in a secure, lockable area, preferably in a visible area away from client foottraffic. Areas containing personal information should ideally require security passes / codes to allow entry. C CONTROL Protect data at all times. This includes conducting verbal communications in a place and manner that would protect the client s privacy Electronic records should only be accessible by staff members who require that information to function in their role. Passwords should be required to access all information and should be changed regularly. All electronic records should be dated and electronically signed by the author. Use screen saver / screen lock programmes to ensure patients / clients cannot view other s people s records on unattended computers. When taking records away from the premises (i.e. when conducting home visits), all care should be taken to ensure information is secure (in a locked case or on a password-protected laptop or password-protected data stick) and that it remains in your immediate possession at all times.

3 If any part of the client record is to be left in the client s home, ensure it is accessible only by those who require it and contains only the information that is required. When sending information to other parties, you must first ensure it is accurate, relevant to the purpose for which it is being sent and relates only to the specific client; that the recipient s contact details are accurate; and that there is safe transfer (i.e. password protected documents, use of courier service and hand delivery, etc). You should clearly list all documents attached to any correspondence. Disposal of records should be done securely, whether through safe return to the owner, controlled shredding or burning, transfer to a new owner or appropriate removal from computerised records. K KNOWLEDGE Let your clients know what information is being collected and how it is being used The more sensitive the information, the more discussion may be needed with the client to ensure they understand how you intend to use it. If in doubt, it may be worth obtaining explicit written consent from the client for specific situations. Remember that the client can request access to their personal and clinical records at any time and you are obliged to provide them with this information. Keep your records clear, legible and objective at all times. There are simple ways that you can protect privacy: Develop a checklist that staff can use when receiving or sending information. When organising or copying client files, work on them one at a time do not work on multiple files concurrently. Work in a clear space where notes can t be mixed with other documents. Look at security settings for s (i.e. disable auto-populate address functions, set up an outbox, to allow a last check of unsent s, password protect documents, etc). Only attach documents to group s if you need everyone in that group to see those documents. Don t automatically reply to all when receiving a group if your response only relates to some of the potential recipients. Before forwarding s, ensure you remove any embedded documents that aren t a required part of the ongoing communication. If in doubt about someone s physical address, phone them and check. If using an address for the first time, send a test message and ask the person to confirm receipt. If leaving a voic message for a client, only leave your name and contact number and ask them to return your call.

4 In addition you may find it useful to: Have the key principles clearly visible in work areas where personal information is regularly handled. Consider how these suggestions might apply to you and look for other ways you might protect privacy in your particular work setting. All of the above are intended only as discussion topics for consideration and should not be regarded as a complete and definitive answer to this extensive and continually evolving subject. You know your business and your environment and you are ultimately responsible for ensuring the protection of your clients / patients privacy when handling their information. There is a great deal of information that can be accessed through The Office of the Privacy Commissioner Website: If you are in doubt, simply remember to only collect, keep and share what you actually need to collect, keep and share. Only keep the information for as long as you are likely to need it. If a breach does occur, be transparent and act promptly to advise those who may be affected.

5 The following Questions and Answers have been developed to support you to manage information relating to ACC clients. Question 1. What if each provider had a unique pin or password for documents that are sent to them? 2. Where are the main areas where providers are breaching privacy/going wrong? Answer If required, ACC can currently provide a password which is unique to a CD or document, rather than a generic one linked to a provider/supplier, because it provides a high level of security. However, this is a good idea and we will definitely give further consideration to this suggestion as our electronic communications processes develop. One of the recurring issues with providers is that inbound information, in particular ACC Injury Claim forms (ACC45), often contain incomplete or incorrect address information. This largely occurs with treating and lodging providers and results in ACC sending correspondence to an incorrect address. Providers should try to ensure they confirm the client s address before submitting a claim form. Another area is where providers use one template for multiple clients and not all the information relating to the previous client is removed before the template is sent to ACC. Providers should try to ensure they retain a clean unused template for each individual client. Where a provider is mobile and records are kept either on a mobile device or in the provider s home, the mobile device should be protected by secure password and only contain current information, (i.e. not used as a general storage device) Clinical records physically stored either at the client s or the provider s home should be stored securely in a locked cabinet until no longer required. 3. If a patient registration form is signed by a client then scanned and uploaded to an administration system, do you need to keep the original (paper) copy? What are our legislative requirements? It may be helpful for you to be guided by ACC s policy, which is to keep scanned documentation for 6 months, after which time it can be destroyed. Coles Medical Practice In New Zealand provides useful guidance that can also be used in non-medical practice around retention and storage of Health information that you may find useful. ACC s policy is to keep scanned documentation for 6 months, after which time it can be destroyed. 4. If you're running a clinic in schools, who signs the ACC45 for under 16s? The school A client can sign their own ACC45 if they are Gillick competent (that is if a medical practitioner or professional considers that the client can make their own decisions and understand the

6 may have a general 'authorisation' to act for the child but who signs the form? Currently nurses are doing it. 5. How should information be sent? What is ACC s recommended process? 6. How can I update my contact details with ACC 7. What password hints and tips for creating a safe password can you give us? 8. How long do we need to hold onto client information? ramifications of those decisions). Alternatively, a suitable adult from the school would suffice. Generally, how information is sent to ACC depends upon its sensitivity and the consequences for the client if it were to be disclosed unintentionally For example, if you are providing a brief update on a client s work trial, an is appropriate. If you are providing a report which contains health or other sensitive information, there would need to be a more secure method of delivery, such as courier or hand delivery. If you are a health provider submitting notes or reports to ACC, there are two secure methods that are acceptable to ACC: Healthlink or MMEX. For more information on these see the response to the question on Healthlink, at number 29 below To ensure that ACC s Communications get to you appropriately, You should advise ACC via at Health.Procurement@acc.co.nz of any change in your contact details as soon as possible ACC s advice to its staff is that complex passwords are the best and they should contain at least three characters from each of the following categories: UPPER CASE (A B C Z) Lower case (a b c.z) Numeric (012 9) Symbols # $). You should also choose passwords that cannot be easily guessed and use words that you wouldn t find in a dictionary. Information that is sent to you for the purposes of an assessment should not be retained. You should either securely destroy it or return it to ACC in an appropriate way. Any reports that you create and copy to ACC should be retained. The Health (Retention of Health Information) Regulations 1996 say that health agencies must keep health information for at least 10 years. ACC s own legislation, the Accident Compensation Act 2001, requires that ACC keeps every file for at least 10 years after the date of the last action recorded. ACC retains copies of all information sent to you; therefore it will still be available if you ever need to access it again. 9. Are ACC167 and ACC45 valid and legal? The current ACC167 and ACC45 are still legal. However, ACC has developed a new authority

7 10. We have a questionnaire that we need to complete on behalf of ACC asking questions such as are you a smoker? I do not feel that these questions are relevant to my treatment of this patient, can you please expand on why we have to ask such information? 11. We receive large whole PDF files from ACC, they have too much irrelevant information and are too big to save and difficult to manage. How do you propose we get just the relevant information from ACC in documents we can manage? 12. If a client,dhb or other treatment provider requires information urgently on a client, can we send it directly rather than having to go via ACC? What is the Policy on Suppliers/Providers sharing a patient s health information with other medical professionals in order to treat the patient? If ACC send information to a supplier/provider, what is our policy on resending the same information on? 13. How is inconsistency with how privacy is handled in ACC being managed? Issue over ACC not releasing information if a Supplier/Provider calls up with details form following the suggestions in two recent District Court decisions. The ACC6300 Authority to Collect Medical and Other Records form will soon be released for use on all new claims. We are not going to replace the ACC167 forms on all existing files, but we will do so if a client is not satisfied with their current consent and they request to sign the new form, or if we require new medical or other information related to the claim. An agency should only collect information for a legal purpose that is connected with one of its functions or activities. If you consider that specific questions are not relevant in the specific situation, or there is no legal purpose for the collection of that information, then do not request it from the client. ACC should only provide information that is relevant and necessary to disclose. Some providers prefer a comprehensive compilation of information, while others prefer a referral with only limited information. This will depend on their requirements, e.g. a home modification supplier will need more specific information about a client s injuries than a mental injury assessor, who may need to approach the client more holistically. As part of ACC s ongoing Privacy Programme, ACC will be looking to develop greater consistency in this area. In the meantime, if you receive information that you consider is superfluous, please contact the referring office. If a client or DHB requests information from you directly in a situation of urgency where an individual's life or health may be threatened, privacy legislation does enable you to forward it directly. However if ACC has provided you with information that another provider has requested, but their need for that information is unclear or does not appear related to the continued management of the covered injury, it is ACC's preference to deal with that provider directly. If in doubt, contact the client s case owner or return the information to ACC. We can then decide whether the information should be shared with another party. ACC has a suite of policies and operational procedures for the handling of personal information. In general, branch offices within ACC s Claims Management Network should all be adhering to the same processes. ACC acknowledges that there may be some variation in the way different business units operate, particularly with the heightened staff awareness of

8 of a client, but the dates are slightly out due to the clients not remembering the exact date. How do we overcome this issue? 14. If ACC wants information urgently, what are the guidelines within privacy policy about getting that information through? 15. What is the definition of a privacy officer for our suppliers? (ie if we need one, what would it involve) 16. Definition of written provided information that ACC sends us. Do we need to store it or, as ACC has this, can we dispose of it? If we do keep it, what are the time frames? privacy. As part of ACC s ongoing Privacy Programme, we will be looking to develop greater consistency in this area. When you call the Provider Helpline you will be asked for the client s name and date of birth. If you are unable to provide the exact date of injury, ACC will ask you for the approximate date of injury. It may also ask you other relevant questions such as the body region or injury cause. If you are able to provide that additional information, ACC should be able to provide you with the information you require. ACC usually asks for information to be provided within 10 days. There are no specific guidelines in the privacy policy about urgent information requests, however, if information is required within a shorter time frame, we should provide you with a reason why and assist you to pass on that information in the most secure way possible. Usually urgent requests are made only when absolutely necessary and your cooperation may help prevent situations from escalating unduly. Section 23 of the Privacy Act 1993 states that all agencies must have at least one privacy officer a person within the agency who knows about privacy. The legislation specifies that the responsibilities of a privacy officer include: the encouragement of compliance, by the agency, with the information privacy principles dealing with requests made to the agency pursuant to the Privacy Act working with the Privacy Commissioner in relation to investigations conducted under the Privacy Act in relation to the agency otherwise ensuring compliance by the agency with the provisions of the Privacy Act. The Office of the Privacy Commissioner has more information on privacy officers, which can be found at: Information that is sent to you for the purposes of an assessment should not be retained. You should either securely destroy it or return it to ACC in an appropriate way. Any reports that you create and copy to ACC should be retained. The Health (Retention of Health Information) Regulations 1996 say that health agencies must keep health information for at least 10 years. ACC s own legislation, the Accident Compensation Act 2001, requires that ACC keeps every file for at least 10 years after the date of the last action recorded. ACC retains copies of all information sent to you; therefore it will still be available if you ever need to access it again. ACC s policy is to keep scanned documentation for 6 months, after which time it can be

9 17. How does ACC identify Suppliers and Providers? What checks are in place to verify them? 18. How long are the ACC45 and the ACC167 forms valid, i.e. when the claim is done, do we need written consent to gather further info? 19. Is there a clear policy around if a client provides the wrong information, that the Supplier is indemnified. destroyed. Providers are generally individual employees or subcontractors who deliver a one-to-one service to the client e.g. a physiotherapist, occupational therapist or vocational rehabilitation consultant. Each provider has a unique reference number which identifies them as a provider. Suppliers (previously known as Vendors) are generally a practice or an organisation that delivers goods and/or services (treatment or rehabilitation) to ACC clients. Each Supplier has a reference number which identifies them as a Supplier. A Supplier may have a number of providers working within their practice or organisation. The first consent that ACC obtains is via the ACC45. If the claim transfers to a branch for management, then the client is required to complete an ACC167 (soon to be replaced by the new authorisation form ACC6300). A client may negotiate a time period for which the authorisation applies. However, in general the consent provided in the authorisation form applies for the whole period during which ACC provides assistance for the particular claim. There will also be opportunities for clients to create individual authorisation particular to their needs (as an alternative to signing the template authorisation form). ACC accepts that Suppliers and Providers are dependent on clients providing them with accurate and factual information. The privacy legislation requires that a reasonable attempt is made to ensure that the information is accurate. For example, if asked to determine a client s level of impairment from injury, you would be expected to perform your own objective assessment in addition to documenting the client s subjective history. However, if incorrect information is passed to ACC in good faith, then there is no penalty for Suppliers. Therefore, there is no need for an indemnification policy. 20. What is being done with return to sender mail If information is returned to ACC due to an invalid, insufficient, or out of date address, ACC will attempt to confirm the correct address. If that can be done, the intended recipient s contact details will be updated and the information resent. If the intended recipient s address cannot be verified, ACC will generally record it as not valid and won t resend the item. 21. Can we, as Suppliers, utilise ACC s privacy module for training, or can ACC provide something based on it? If you have received incorrectly addressed mail, please contact the provider helpline on or via at providerhelp@acc.co.nz ACC s privacy training module Stop, Think, Check, Do is an online module. ACC will investigate whether it is possible to provide access to the module in its current form. If that is not possible, we will be able to provide a physical copy of the module in PDF form (although obviously without the animation and sound of our version). You are welcome to adapt the

10 22. Healthlink where does it go? What is Healthlink and how do ACC use it? Increasing information coming into clinicians via Healthlink and ACC, feel at risk at the level of content. How do we manage this? 23. Is ACC going to start working on NHI numbers rather than Names and DOB, as this is a much more confidential way of accessing information, especially in an open plan GPs, for example? We need an NHI number to invoice electronically but not everyone has an NHI number, how does this work? What is the 0800 number to get the NHI number? 24. We would like some general privacy guidelines about what we should and should not do with patient information in s, i.e. what should be in the heading and content module for your staff. The website of the Office of the Privacy Commissioner also has a range of resources for training on privacy. If you are a health provider, Healthlink is a secure method of submitting notes and reports to ACC. You can use Healthlink to submit reports if you have a practice management system (PMS) that is able to send notes/reports in an RSD, Healthdoc or LAB format. To submit reports to ACC via Healthlink you will need to send notes/reports to ACC s EDI addresses, such as ACCSPECR. For further information on ACC EDI addresses, Healthlink and working online with ACC, go to: MMEx is an alternative method of submitting notes and reports to ACC if you don t have a PMS or a PMS Healthlink compatible system. MMEx is a secure mailbox account that lets you create an , attach notes/reports then them securely to ACC. If you would like to use this option, call the ACC ebusiness team ( ) who will be able to set you up with an account. As you will be sending information using a digital certificate, which verifies the sender and encrypts the information, it is secure. The National Health Index (NHI) is a database which assigns and maintains a unique identifier (the NHI number) for every recipient of health and disability supports in New Zealand. While the NHI number is a unique identifier for health and disability services, it is not unique to ACC. Therefore, ACC will continue to use the claim number when referring to our clients claims. However, the NHI is always useful as a secondary identifier along with a clients address, date of birth etc. An NHI number is required for electronic invoicing. If you have access to NOAH (NHI Online Access for Health) you will be able to obtain the client s NHI number. If you do not have access, you can contact the Ministry of Health. The Provider Helpline (0800 number) will not provide you with the client s NHI number. Any communication with ACC about a client is uploaded to the client s electronic claim file. If the client requests a copy of the file, they will be able to view these s. Therefore, all communication should be of a professional standard and written in the knowledge that it may be viewed by the client. The should only refer to information relevant to the

11 What information can we put in an about a claimant? management of the client s claim. As s tend to be an informal form of communication, if you are providing a lot of detailed information or viewpoints, you should consider whether a letter or report is more appropriate. It is ok to identify the client in the , and refer to their injury, treatment or rehabilitation in the main body of your message. If you have verified the address of the ACC staff member you are writing to, it is ok to put the clients name in the subject line. 25. What constitutes a privacy breach? It s not defined in the Privacy Act. 26. What be done with client/patient information if the provider stops practicing or dies? How would appropriate access continue for other agencies requiring access to that information The Privacy Commissioner states that a privacy breach occurs when there is unauthorised access to or collection, use, or disclosure of personal information. Such activity is unauthorised if it occurs in contravention of the Privacy Act 1993 (or applicable code of practice issued under the Act). Some of the most common privacy breaches happen when personal information of customers, patients, clients or employees is stolen, lost or mistakenly disclosed (e.g. a computer containing personal information is stolen or personal information is mistakenly ed to the wrong people). A privacy breach may also be a consequence of faulty business procedure or an operational break-down. ACC has developed its own definitions to ensure a consistent system for recording, monitoring and reporting privacy incidents. The definitions are as follows: Data breach: When personal information is disclosed outside ACC when it should not have been, e.g. by error, mistake or without legal authority. Near Miss: An identified action that would have led to a privacy breach but didn t because the information was not disclosed. Coles Medical can provide information of transferring information to another treatment provider Meeting all the requirements for the retention of patient records can be difficult, especially for sole practitioners. Before retiring, Practitioners should make prior arrangements for another practitioner to accept responsibility for the records; or arrange for patients to collect their own records. In the situation where arrangements have not been made for the retention of patient records and the Practitioner dies, the Executor of the Estate or the Power of Attorney should endeavour to return records to the patient (the patient s family if the patient is dead), or to another practitioner. 27. How can you rely on ACC s client contact ACC endeavours to ensure the information we hold is as up to date as possible however we

12 information being correct accept that suppliers and providers are dependent on clients providing them with accurate contact information. It is important to check with the client at every opportunity that information held is current.

13 Take the time to know your privacy principles The Privacy Act has 12 privacy principles for handling personal information. 10 use it only for the purpose you got it 11 only disclose it if you have a good reason 12 only use unique identifiers where it s clearly allowed 1 only collect personal information you really need 2 get it directly from the person wherever possible 9 dispose of it when it s no longer needed 8 take care that it s accurate before using it 7 fix it if the person thinks it s wrong 6 let the person see it if they want to 5 keep it secure 3 be open with people about what s going to be done with it 4 be fair about how you get it

14 P A D L O C K Purpose: Have a clear need for collecting and using personal information. Accuracy: Personal information should be correct and accurately processed. Fix any mistakes promptly. Data minimisation: Collect only what is necessary; keep only what is necessary. Lifecycle: Make smart choices about information use and flow while it is in your care. Dispose of information safely. Ongoing responsibility: Encourage pro-privacy use of technologies now and in the future. Control: Protect data at all times. Knowledge: Tell people why information is being collected, and how it is being used.