Policy
IDI is committed to protecting the privacy of clients, consumers and staff and the confidentiality of client and staff records. All staff are required to conform to current legislation relating to client privacy and confidentiality and inform clients of their rights with regard to consent, access and disclosure of information and complaints.

Guidelines
1. This policy relates to the collection, consent, handling and disclosure of health information by IDI and access to personal health records by clients.

2. Health information refers to: all identifying personal information collected to provide a health service, including medical and other health details, plus financial details, names of relatives etc., and medical and treatment details of employees.

3. The policy refers to all documents and electronic and paper-based files, relating to staff, clinical, epidemiology and lifestyle research participants, medical and education clients. This includes information collected by IDI, provided by clients or other persons, referring health professionals and GPs and correspondence relating to clients.

4. IDI management, Board members and staff will adhere to and enforce all relevant legislation regarding privacy. The legislation includes: The Health Records Act, 2001 (Victoria) Information Privacy Act, 2001.

5. Staff will collect and access only the information they require to perform their work or service to the client. Access to non-relevant information will be restricted.

6. Records will be stored in a safe and secure manner and password login will limit access to confidential information in the electronic databases. Files will progressively become collected and stored electronically. By the end of 2004, all medical data will be stored on an electronic database.

7. Personal and health information can only be used in the manner and purpose for which consent has been given. Written consent must be obtained from the client to allow collection, sharing of or disclosure of personal or health information, or when requested by a third party. Consent is not required for emergency situations.

8. Clients will be informed of the purpose and intended use of the information collected and how they can access their health information. Written information is available and accessible, and further explanation is available on request, in other languages if required.

9. Clients may obtain access to their health records as per the rights and limitations of the Health Records Act, and/or to make corrections where necessary.

10. A Privacy Officer has been appointed to receive enquiries, requests for access to records and complaints and to direct requests for information to the appropriate provider. The Privacy Officer is the Director - Service Development.

11. A fee may be charged to recover the cost of providing access. The fee will be determined after consideration of how and what information is to be provided and is based on the draft maximum fees in the legislation.

Research
Research projects are overseen and approved by the IDI Ethics Committee.
All research conducted by the Institute will be conducted in accordance with the Statutory Guidelines on Research, Health Records Act, 2001 Office of the Health Services Commissioner (Victoria), February 2002 and the IDI Privacy and Confidentiality Policy.