Patient Privacy and Confidentiality Policy
LIFE MEDICAL IMAGING CENTRAL COAST (LMI)
In accordance with the Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs)
1. Purpose
This policy outlines how LMI manages and protects personal and sensitive information, including medical imaging and associated health records. It ensures compliance with the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs), and reflects our commitment to maintaining the confidentiality of all patient information.
2. Scope
This policy applies to all staff, including radiologists, radiographers, sonographers, administrative personnel, contractors, students, and third-party service providers who have access to patient data at LMI.
3. Definitions
- Personal Information: Information that identifies or could reasonably identify an individual, such as name, address, date of birth, and Medicare number.
- Sensitive Information: A subset of personal information, including health information such as medical history, test results, imaging data, and treatment details.
- Imaging Data: Any medical images (e.g. X-rays, MRIs, CT scans, ultrasounds) and related metadata.
- PACS (Picture Archiving and Communication System): System used to securely store, retrieve, and transmit medical images.
- RIS (Radiology Information System): A digital system managing scheduling, patient tracking, and reporting.
4. Policy Statement
LMI is committed to protecting the privacy and confidentiality of all patient personal and health information, including diagnostic images and reports. We collect, store, use, and disclose information only in accordance with the Privacy Act and the APPs.
PATIENT PRIVACY & CONFIDENTIALITY POLICY | July 2025
5. Collection of Personal and Health Information
We collect personal and sensitive health information:
- Directly from patients or their authorised representatives.
- From referring healthcare providers.
- Through diagnostic imaging and clinical observations.
This information is collected for the purpose of providing diagnostic imaging services, supporting clinical care, and complying with legal and billing obligations (e.g. Medicare).
6. Use and Disclosure
Patient information may be used or disclosed:
- For diagnostic purposes by radiologists and clinical staff.
- To communicate findings to the referring healthcare provider or specialist.
- For billing purposes (e.g. Medicare, Workers Compensation insurers).
- For administrative or operational purposes (e.g. auditing, quality assurance).
- With the patient’s express consent.
- When required or authorised by law (e.g. subpoena, mandatory reporting).
We will not share personal or health information with overseas recipients unless:
- The patient has given informed consent, or
- The recipient is subject to laws or binding schemes substantially similar to the APPs.
7. Data Security and Safeguards
We implement the following measures to safeguard patient information:
A. Technical Security
- Access to RIS and PACS is restricted via secure login credentials.
- All electronic data is encrypted and securely backed up.
- Access logs are maintained and regularly audited.
B. Administrative Security
- Staff are trained regularly in privacy compliance and patient confidentiality.
- Access to patient data is role-based and limited to those with a clinical or administrative need.
8. Patient Access and Correction
Under APPs 12 and 13, patients have the right to:
- Request access to their personal and imaging information.
- Request correction of inaccurate or outdated records.
Requests should be made in writing to the Operations Manager. Identification will be required before releasing any information. Access may be limited in some cases (e.g. where it may pose a serious threat to life or health), in accordance with the APPs.
11. Policy Review
This policy will be reviewed at least annually, or sooner if there are changes to legislation, technology, or operational practices.
Effective Date: July 2025
Next Review Date: July 2026
12. Related Legislation and Guidelines
- Privacy Act 1988 (Cth)
- Australian Privacy Principles (APPs)
- OAIC Guidelines on Health Information
- Radiology professional codes of conduct
