PRIVACY - WHAT CAN PRACTICES DO?
Privacy Officer, Privacy Audit - Step by Step
- PRIVACY OFFICER - appoint one (e.g. GP, Practice Manager/Nurse)
  - Co-ordinate, implement & monitor privacy policy
  - Promote to all interested parties including patients, GPs and staff
  - Act as liaison officer for all privacy issues and patient requests for record access
  - Formulate privacy policy
  - Conduct privacy reviews (analyse what data collected, how, storage, disclosure, consent)

  See new policy in generic DDDGP Practice Manual 6.7
- NPPs - Familiarise yourself with the 10 National Privacy Principles
- PRIVACY AUDIT - Review Current Privacy/Confidentiality Policies & Processes

  See new policy in generic DDDGP Manual 6.8

  (Do this by referring to the NPPs and turning them into questions - investigate to see if practice complies … simply answer each question and document)

  Your final summary document can form the basis of the practice privacy document that can be viewed by a person requesting information on practice privacy policies, what data collected, how, storage, security etc.

What is our primary purpose? e.g. To provide comprehensive, co-ordinated and continuing whole person medical care for individuals, families and the community. (based on RACGP definition)

NPP1 What information do we collect? i.e. any identifying details incl. DOB, address, Tel, NOK, Emergency contacts, Marital status, employer details, Medicare No., Health Insurance details, Ethnicity, allergies & other sensitivities, Past & current medical history, social history, Medical procedures, Diagnostic tests, Results, Referrals, Reports from other health service providers, X-rays, Progress notes, Financial details related to billing, Medications, Immunisations, Work Cover examinations … dates and amounts related to this data … Where possible, information is collected directly from the patient.

NPP1 Purpose of collection? To gain sufficient information to provide for optimal ongoing management of each patient's health, care and well being and to ensure practice is viable to continue treating patients.

NPP5 How is the data stored? Paper, computer - patient registration form, accounts form, Medicare, Health Insurance claim form, Referral letter, medical record forms as per Rolls Printing/RACGP medical records. Medication scripts written manually & via computer (Medical Director software), Immunisation forms - ACIR, Pap Smear Registry forms, S8 Drugs - internal booklet (paper form) used to denote usage, sterilisation register (paper), doctor's letters/referrals on computer or paper. Medical records stored electronically on computer; also old records prior to Jan 1999 stored in paper records. Data accessed only by authorised GPs and staff. Computers have password access, with paper medical records stored in locked filing cabinets/filing area. Staff who access files have signed privacy agreements. Practice manager and reception staff require access to accounts, demographic records and from time to time actual medical records. GPs are also aware of privacy restrictions and access issues and use passwords for computer access.

NPP2 How is data used? For maintaining current information about patients, updating demographics; accounts - payment, invoicing, follow-up; recall & reminder system, actioning report results, adding to medical record for comprehensive data - results, operation reports, emergency department visits, after hours & home consultations, telephone notes.

NPP1 & 6 Who has access? For primary purpose and related secondary purpose: GPs, practice manager, reception staff. Patients referred to another health service provider will be aware that the information in the referral letter is given to that service provider in the normal course of ongoing patient care & management, and the patient has the right not to give consent to this (then they would not be referred to that provider!). Accounts details only provided to gain payment from insurance/Medicare office. No additional unnecessary data given. Pathology/Radiology, other medical, dental specialists, and allied health service providers are included here. If research is conducted, then each patient provides informed consent for his/her personal health information to be released. Patient has right of access to own personal health information under privacy legislation with noted exceptions. See our policy and NPP6 Access & Correction.

Under certain legislation we must disclose patient information e.g. Infectious Diseases Act - Health (Infectious Diseases) Regulations, Adoption Act. Specify as much as you can. Records must be disclosed under court orders, subpoenas, search warrants and Coroner's Court cases.

NPP5 Do we inform patients of the intended use of their information? See Policy Manual & summarise main issues for this review.

NPP2 Use & Disclosure When do we obtain a patient's consent? Note: express and implied consent. See 6.5 of policy manual.

NPP3 Quality Is the data we collect accurate, up to date, & complete? Audit sample of records e.g. 20 records for latest path, x-ray, other results incl. referrals to specialists.

NPP4 How do we protect data from misuse, loss & unauthorised access? Refer to Sec 6 of policy manual esp. 6.3 Retention of Records & Archiving for security of records policies. Do random check of staff and their knowledge of policy and observe conduct for same.

DDDGP Dec 2001

North East Valley Division General Practice, Victoria, Australia
Level 1, Pathology Building, Repatriation Campus, A&RMC, Heidelberg West VIC 3081
Phone: 03 9496 4333, Fax: 03 9496 4349, Email: nevdgp@nevdgp.org.au
Please note: NEVDGP does not provide an on-line consultation