Home › Privacy policy

Privacy policy

Printer-friendly version

 ELECTRONIC SERVICE COORDINATION SYSTEM

PRIVACY & CONSENT INFORMATION BOOKLET

 1. PRINCIPLES

 The privacy and consent principles underlying the Electronic Service Coordination System (ESCS) are that the information necessary to provide the most appropriate health/community services may only be accessed (with consumer consent) in order to provide the:

 •    Right information

 •    To the right people

 •    For the right reason

 •    In the right way

 •    At the right time

 2. SAFEGUARDS

 Access to consumer information is subject to a number of safeguards, including:

 •    Documented consumer consent;

 •    Registering consent at key access points;

 •    Allowing only authorised users to access the system;

 •    Agency protocols and practices that comply with privacy legislation;

 •    Making compliance with privacy legislation a pre-requisite for use;

 •    System design that ensures a secure means of storing and transmitting information;

 •    Flags and text warning users against any potential breach of privacy;

 •    Strict audit trails - all access permanently traced;

 •    Monitoring and reporting on any apparent attempt to breach privacy standards.

 3.     CONSUMER CONSENT

The fact that consumer consent has been obtained must be recorded at key points where information is to be viewed, stored or transmitted. Procedures for obtaining and recording consent are detailed in point 3.6 below.

There are a total of five points in the system where practitioners must verify that consumer consent has been properly obtained.

These include:

•    Consent to search the ESCS Referral System.

•    Consent to view a list of SCTTs and/or referral events.

•    Consent to view SCTT content and/or referral details.

•    Consent to view Service Summaries.

•    Consent to transmit referral information.

By ticking the consent check box and proceeding into any of these areas, the practitioner is indicating that consent has been properly obtained.  Properly obtained consent includes the following:

•    The appropriate consent form must be filled in, signed and retained by the service. If requested, a copy is to be provided to the Consumer.

•    Consumer confidentiality and privacy rights and responsibilities must be explained.

•    Consumers may be advised of the kind of information that will be recorded/transmitted and may, where practicable, be shown the on -line examples incorporated into the system.

3.1     Consent to search the ESCS Referral System

Consumer consent to use ESCS must be gained before searching the system for that consumer’s details. By ticking the check box, practitioners are confirming that consent has been properly obtained - this confirmation is thus recorded electronically and will be used for audit trails.

3.2     Consent to view SCTT content and/or referral details Consumer consent, obtained under the general consent to use ESCS, is required to view details of the consumer’s records.

3.3     Consent to view a list of SCTTs and/or referral events

Consumer consent to use ESCS will also enable an authorised practitioner to view a list of SCTT or referral events.

3.4     Consent to view Service Summaries

•    The service summary provides health professionals with information relevant to understanding the current referral.

•    Consumer consent to use ESCS will enable authorised practitioners to view Service Summaries.

3.5     Consent to transmit electronic referral information

Consent to make the referral using the system is usually gained within the general context of obtaining and recording general approvals to make referrals and specific consent to use ESCS. This check box serves as a permanent record of this having been done.

3.6     INFORMATION ACCESS LEVELS

To facilitate service coordination while safeguarding privacy, consumers are asked, for a given referral, to specify the level of access they permit to their information. There are three such Information Access Levels:

•    Standard: All information and attachments relating to a given referral can be accessed by practitioners who have consumer consent.

•    Limited: Practitioners who have consumer consent may access only the consumer identification, sending and receiving services, the sending practitioner, the referral date/time, the current status, service start and end dates and the most recent feedback or outcome.

•    Sender-Receiver Only: The referral is only visible to the original sender and receiver and other parties cannot see that a referral has been made. The only information visible will be the consumer information details.

Case study

Eg1- Standard: A patient has been suffering falls. Referral information about these

incidents is available to all practitioners, provided they have consumer consent, who need to know that the patient is receiving community falls and balance assistance and help with home modification from an OT and ACAS. Authorised practitioners might use the system to see what services have already been organised and avoid duplicating service provision.

Eg2- Limited: The consumer is embarrassed by a recent injury due to a fall on the way home from the pub. The consumer does not mind other practitioners knowing he is currently seeing a physiotherapist but would prefer them not to not know why he is seeing the physio.

Eg3 - Sender-Receiver Only: The consumer is an alcoholic. He consents only to the sender and receiver involved in the referral being able to know this but does not want other service providers to become aware that the has this particular problem (e.g. his dentist). So far as other services are concerned, there is no visible record of such a referral having been made.

4.     OBTAINING AND RECORDING OF CONSENT

Practitioners must explain that they wish to use ESCS to make the referral. For this purpose, use the text provided in ‘Consumer Information Sheet Privacy and Consent’ (9 June 2006), which should be adapted to suit the particular agency and the level of consumer understanding.  Where appropriate and possible, a translated version may be provided.

Practitioners must also ascertain the Information Access Level relating to a given referral.

Consents relating to ESCS should be recorded in the third column under Section 1 of the form ‘Consumer Consent to Share Information’ (2006) or equivalent as shown below:

ESCS – Standard  (or Limited or Sender/Receiver only).

If the consumer wishes to qualify his/her consent in any way (see 3.1 to 3.5 above), then such qualifications should also be recorded at this point.

[If the consumer requires more detailed information about consent and privacy, this booklet should be provided.]

A copy of this consent form must be kept by the sending agency. There is no requirement to send a copy to the receiving agency.  The consumer must be given a copy of the Consumer Consent to Share Information form on request.

5.     SECURITY AND PRIVACY

System Security

•    All users of the system will require a username and password to access any part of the system.

•    Every role within a service is assigned access controls from within the ‘S2S IT System: Referral System Protocols’.

•   All interaction with the system occurs using Secure Socket Layer (SSL). This provides 128-bit encryption of all data that is transferred between the user’s web-browser and the system. No Consumer information is distributed through an insecure channel.

•    The system is hosted at the Infoxchange Australia tele-hosting facility located at the Australian Stock Exchange.

•    The system is hosted on an Apache server utilising a PostgreSQL database.

•    The server is monitored 24 hours.

•    Referral information is ALWAYS stored within the system. The consumer’s information never leaves the system.

The Consumer must be made aware of the Privacy & confidentiality legislation.

Refer to the: Department of Human Services Privacy website at http://www.dhs.vic.gov.au/privacy/ Office of the Health Services Commissioner website at http://www.health.vic.gov.au/hsc/

6. INFORMATION STORAGE

In accordance with the legislative requirements of the Health Records Act, consumer information will be retained on the system for a minimum of seven years and longer in certain cases.

7.     SUMMARY OF CONSENT AND INFORMATION ACCESS PROCEDURES

•    Explain consent and information access levels

•    Record the fact of consent having been granted and the Information Access Level selected by consumer

•    Obtain new consent/decision where necessary

•    Keep hard copy in records

•    If requested, give consumer/carer copy of Consumer Consent to Share Information and/or Consumer Privacy and Consent Information Sheet.

8.     FURTHER INFORMATION RE CONSENT

For detailed information and examples of consent issues vi sit:

http://www.health.vic.gov.au/hsc/ http://www.dhs.vic.gov.au/privacy/ http://www.dhs.vic.gov.au/privacy/traSCTTng/contents.htm#casestudies

 

Like more info?

If you'd like to contact S2S Support:
+ 61 3 9418 7466
apps@infoxchange.org