Privacy & Consent
S2S eReferral Privacy & Consent Information
1. Principles
Service-to-Service (S2S) applications, including eReferral are based on the underlying principles that the information necessary to provide the most appropriate health and community services may only be accessed with client consent, and in order to provide:
- The right information
- To the right people
- For the right reason
- In the right way
- At the right time
2. S2S Safeguards
Access to client information is subject to a number of safeguards including:
- Documented client consent;
- Registering and verifying consent in S2S at key access points;
- Allowing only authorised users to access S2S;
- Agency protocols and practices that comply with privacy legislation;
- Making compliance with privacy legislation a pre-requisite for use;
- S2S has a secure method of storing and transmitting information;
- Prompts warning users against any potential breach of privacy;
- Strict audit trails - all access and actions are permanently traced;
- Monitoring and reporting on any apparent attempt to breach privacy standards.
3. Client Consent
Verification of the client consent has been obtained must be recorded at key points in S2S where information is to be viewed, store or transmitted. There are a total of five (5) points in S2S where users must verify that client consent has been properly obtained. By ticking the consent checkbox and proceeding into any of these areas, the user is confirming that consent has been properly obtained. The key points are:
- Consent to search for the client.
- Consent to view a list of historical referrals or documents.
- Consent to view individual referrals or documents (based on Information Access Levels).
- Consent to view a summary of services the client has or is receiving.
- Consent to transmit (send) referrals.
Properly obtained consent includes the following:
- Appropriate consent form must be completed, signed and retained by the service. If requested, the client must be given a copy.
- Client confidentiality, privacy rights and responsibilities must be explained.
- Clients will be advised of the kind of information that will be viewed, stored or transmitted.
4. Information Access Levels
Clients can set an Information Access Level for each referral that specifies the level of access they permit others to have to their referral information. There are three (3) information access levels:
- Standard : All information and attachments relating to a given referral can be accessed by users who have obtained client consent to view their referral history.
- Limited : Only the information contained in the Coversheet, such as referral date and time, sender/receiver, current referral status and last update can be viewed by users who have obtained client consent to view their referral history.
- Sender-Receiver Only : The referral is only visible to the original sender and receiver. No other users can see that a referral has been made.
View Examples of Information Access Level scenarios
5. Obtaining and Recording of Consent
Users must explain to clients that they wish to use S2S eReferral or eWaitlist. Each state will have its own Consumer Information Sheets and Privacy Forms, which should be adapted to suit the particular service/agency and the level of consumer understanding. Where appropriate and possible, a translated version should be available.
A copy of the consent form must be kept by the sending agency. There is no requirement to send a copy to the receiving agency.
6. Information Storage
In accordance with legislative requirements of the Health Records Act, client information will be retained on S2S for a minimum of seven (7) years and longer in certain cases.