AMAV VICDOC Winter 2024 - Magazine - Page 85
The wording of this consent is also
important. In several states and
territories, consent needs to be obtained
not only to the recording of the
consultation, but also to the subsequent
communication of that recording and of
the clinical notes made by the software.
PRIVACY ACT
-
Most medical practitioners will already
be familiar with the Privacy Act 1988,
which governs the collection and
handling of personal information, and
applies to all Australian healthcare
providers. As consultation transcription
software records personal information
about patients (and potentially other
people in the consultation) and that
personal information is sent to the
provider of the software for processing,
practitioners need to ensure that their
use of this software complies with the
Privacy Act in several respects.
Firstly, the practitioner’s or clinic’s
privacy policy (under Australian Privacy
Principle 1) and collection statements
(under Australian Privacy Principle 5)
should mention that the practitioner
or clinic may disclose patient personal
information to the software provider
in the course of using the transcription
consultation software (although it is not
necessary to name the specific software
provider or the specific software used).
Secondly, you should read the software
provider’s privacy policy and terms of
service and ensure that you are satisfied
that they will:
» only use the personal information
they collect for the purposes of
generating the clinical notes and
for no other purpose;
» not disclose the personal information
to any subcontractors or other third
parties (or if they must, will ensure
those third parties do not misuse
that personal information);
» delete (or at least anonymise) any
personal information as soon as
possible after they have generated
the clinical notes; and
» keep any personal information they
do hold secure using appropriate
security measures, such as
encryption and access controls.
Thirdly, you should find out:
» where the software provider is
located, and whether it is subject
to the Privacy Act or a similar data
privacy law in another country; and
» where the software provider stores
the personal information it collects.
It is important to note that if the
software provider stores personal
information outside Australia, then you
may be responsible for notifying the
Office of the Australian Information
Commissioner and the affected
individuals in the event that it suffers
an eligible data breach. Your privacy
policy may also need to state which
countries the service provider will store
patient’s personal information in.
Level 9 | 360 Elizabeth Street
Melbourne Victoria 3000
Australia
T: +61 3 9498 6699
