1. Policy Statement
Melbourne Primary Care Network (MPCN) trading as North Western Melbourne Primary Health Network (NWMPHN) is committed to protecting the privacy of every individual in accordance with legal and statutory requirements.
2.1 This policy applies to Personal Information that MPCN collects from its external stakeholders. The policy for the privacy of Personal Information of MPCN employees and board members is addressed in the HR Policy Manual.
2.2 MPCN requires its employees to comply with this policy in relation to any Personal Information they handle. MPCN also uses its best endeavours to ensure that contractors, suppliers, and service providers MPCN engages from time to time comply with similar obligations with respect to any Personal Information held by MPCN to which they may have access, or which may be disclosed to them.
Personal Information – refers to data, information, or opinion, in any form, through which an individual can reasonably be identified (regardless of whether the data, information or opinion is true or not or if it is stored in a material form or not). Examples of Personal Information include an individual’s name, address, telephone number, email address, health information. For the purposes of this policy, Personal Information also includes:
- Health information – information about the physical, mental, or psychological health of an individual; and
- Sensitive information – without limitation, information relating to religion, racial or ethnic origin, gender, sexual orientations, and philosophical beliefs, as well as health information.
APPs – refers to the Australian Privacy Principles in the Privacy Act 1988.
4. Roles & Responsibilities
4.1 The CEO, as delegated by the Board, has responsibility for ensuring the implementation of this policy.
4.2 The Privacy Officer, or a delegate of, is responsible for undertaking any actions or conducting any investigations required in upholding this policy.
4.3 MPCN employees are responsible for adopting procedures and processes to comply with this policy.
MPCN respects the privacy of the Personal Information it collects and MPCN adheres to Australian and Victorian privacy laws, including the Australian Privacy Principles (APPs). Full text of the APPs can be found on the website of the Office of the Australian Information Commissioner at oaic.gov.au
We are required by law to ensure that all personal and health information pertaining to patients and staff remains confidential. MPCN complies with all legislation relating to privacy and confidentiality including:
- Australian Privacy Principles in the Privacy Act 1988 (Commonwealth)
- the Health Services Act 1988 (Vic)
- Privacy and Data Protection Act 2014 (Vic)
- Freedom of Information 1982 (Vic)
- the Health Records Act 2001 (Vic)
MPCN will only collect information that is necessary to perform related management functions or provide health care. This will be done in a fair, lawful, and non-intrusive way.
Information will be collected directly from the individual rather than from another person. However, if this is not possible, and where practicable, the individual will be advised.
Information can only be used or disclosed for the primary purpose for which it was collected, or for a directly related secondary purpose, which could be expected. If required for any other purpose, consent is generally required.
MPCN cannot use or disclose personal or health information without the consent of the individual, except if it is required, authorised, or permitted under law.
Access to MPCN records and computer systems is secure, controlled and closely monitored.
Staff are bound by a strict code of confidentiality.
- Australian Privacy Principles in the Privacy Act 1988.
- The Privacy & Data Protection Act 2014 (Vic) deals with “Personal Information” and contains the Information Privacy Principles (“IPPs”).
- The Health Records Act 2001 (Vic) deals with “Health Information” and contains the Health Privacy Principles (“HPPs”).
Appendix A: Management of Privacy at MPCN (download pdf to view).