Medico-Legal Advisory Service (MLAS) handled over 20,000 calls last year, advising members and practices on how to prevent or respond to adverse incidents. Available 24/7 in emergencies, our MLAS provides expert advice to help minimise the chance of a complaint or claim occurring. Based on common queries our MLAS has received, here are six steps to take to protect your practice.
1. Know your mandatory data breach requirements
This year, new legislation came into effect on 22 February, placing a legal obligation on doctors and practices within the private sector to notify individuals – and the Office of the Information Commissioner (OAIC) – if their information has been affected by a ‘notifiable data breach.’
A data breach will need to be notified if it is likely to result in serious harm and remedial action cannot be taken to prevent the likelihood of serious harm.
To reduce the risk of a privacy breach in the first place, it’s important to take the following steps in your practice:
- ensure you and your staff are aware of your privacy obligations
- review and update privacy and security procedures, including processes for managing staff authorisation, authentication and access to records
- create a process for proactively detecting data breaches
- create a detailed data breach response plan if a privacy or security breach is discovered
- create a business continuity plan and disaster recovery plan, so that if there is a disruption to your systems you can continue to operate your practice.
If you aren’t already familiar with the new privacy laws, read our article or visit our website for more resources.
2. Understand Medicare
Medicare is paying closer attention to doctors’ activities. The Department of Health is increasing its Medicare and Professional Services Review compliance activity. Medicare audits have recently been conducted in relation to the billing of initial and subsequent consultation items by specialists and the use of overnight sleep study items by sleep physicians.
Doctors are legally responsible for services billed to Medicare under their Medicare provider number or in their name. Doctors are also responsible for incorrect claims regardless of who does the billing or receives the benefit.
To ensure services are billed correctly under Medicare, practices are advised to:
- make sure the doctor under whose provider number services are to be billed reviews and authorises the items claimed
- use the full online version of the Medicare Benefits Schedule (MBS) to determine what services are billed and always refer to any explanatory notes. This is better than relying on abbreviated summaries of the
- review the Department of Health’s range of online resources which assist practices and doctors in understanding the MBS and billing services accurately. For example, item numbers for skin excision items and Chronic Disease Management
- be especially careful to ensure chronic disease management plans are billed appropriately – particularly in relation to the need to consult with contributing providers about the care they will provide in a Team Care Arrangement and the review of
For more information on specialist referrals and initial consultations, refer to our article and decision-making flowchart.
3. Know what is, and isn’t, advertising
Many practices are unintentionally breaching national advertising laws through the use of testimonials and social media.
In April 2017, the Australian Health Practitioner Regulation Agency (AHPRA) outlined its approach to enforcing compliance with advertising standards. With a renewed focus on advertising compliance, and significant penalties for breaches, it is important to understand how you can promote your practice while staying within the law.
Review AHPRA’s Guidelines for Advertising Regulated Health Services to understand your responsibilities.
Some key tips include:
- avoid using language or images which may mislead or cause a patient to have an unreasonable expectation of beneficial treatment
- don’t use testimonials or repost positive comments from other social media platforms
- set your website and other social media platform settings so that users are unable to leave comments.
For more information on what you can and can’t advertise, read our article.
4. Use electronic
Practices are increasingly embracing technology such as SMS or email to communicate with their patients. While this certainly has benefits, it’s important to keep in mind that electronic communications may be subject to cyber threats, privacy obligations and the Spam Act 2003 (Cth).
If you are communicating with your patients via SMS, refer to our factsheet for tips when using this channel and developing an SMS messaging policy.
organisations are increasingly requesting that information be sent to them via email. Your practice has an obligation to take reasonable steps to protect the privacy and security of information it holds, including when it is transmitted or disclosed outside the organisation.
The use of passwords or encryption can reduce the risk of a data breach, although there is no legal requirement that emails be encrypted or password protected. The Royal Australasian College of General Practitioners provides guidance on using email for practices to reduce the risk of interception of data and sending emails to incorrect addresses, including:
- use of passwords
- use of encryption
- verification of the recipient’s email address
- obtaining consent
- use of secure messaging facilities between
You should have a policy and procedure in place to manage the electronic transmission of personal information, including the steps the practice will take to ensure the privacy and security of information transferred outside your practice is protected.
5. Know what patient information can be disclosed to third parties
Practices and doctors can share a patient’s medical information with a third party if they have authority from the patient to do so or are required to by law.
Carefully read the information request and the patient’s authority to ensure the correct documentation is shared and that it’s within the scope of the patient’s authority.
Examples where legislation requires you to share health information without the patient’s express permission include:
- public health requirements to report infectious diseases
- summons or subpoenas to produce medical records to a court or
- a police search warrant.
Read our article to find out the requirements for consent, your legal obligations and when you can refuse to provide medical records. You can also watch our video, Managing requests for medical records.
6. Update policies and processes for transition to the RACGP’s new practice standards
In October 2017, the RACGP released the Standards for general practices (5th edition) (the Standards).
In order to align with the Standards, GP practices will need to update their policies, procedures and processes. It is also important that these changes are communicated to the practice team to ensure they are understood and implemented in a timely manner. Read our article for more information on the new modules and indicators covered in the Standards.
If you have a PracticeHub subscription, you will notice that the updated policies and procedures were added to your site from 1 December, 2017.
It is important that all practices:
- review the new Standards for general practices (5th edition)
- review the new content and ensure they have procedures in place to ensure staff know how to comply with these
- allocate the changes to the relevant roles in your practice for compliance sign-off.
Practices undertaking accreditation over the next 12 months should check with their accreditation provider about the changeover date for assessment. Accreditation providers are also conducting webinars and workshops on the requirements for practices to meet the new Standards.
If your practice is notified of a Medicare audit or experiences a data breach, or any other medico-legal issue, contact our MLAS on 1800 128 268 for expert advice on how to
Does your practice have the protection it needs?
Many practice owners assume their practitioner indemnity also covers their practice entity and their staff, which is sometimes not the case. To protect practice owners, our practice insurance offers your practice comprehensive protection and works hand in hand with your Avant Practitioner Indemnity Insurance Policy.
Avant’s Practice Medical Indemnity Insurance* covers the legal costs of defending your practice against allegations and complaints, and compensation for patient loss or injury. For added peace of mind, your policy also offers you and your staff unlimited access to our MLAS, which provides expert advice, 24/7 in emergencies, to help minimise the chance of a complaint or claim occurring. Find out more about our comprehensive suite of practice insurances which are designed to work together to make running a practice easier, safer and more efficient – click here or call us today on 1800 128 268 to organise a quote.
PracticeHub – Simplifying practice
If you would like to find out how Avant’s online practice management platform, PracticeHub, can make managing your practice simpler, safer and more efficient, please contact us on 1300 96 86 36 or email@example.com.
*IMPORTANT: The Practice Medical Indemnity Policy is issued by Avant Insurance Limited, ABN 82 003 707 471, AFSL 238 765. This policy is available at www.avant.org.au or by contacting us on 1800 128 268. Practices need to consider other forms of insurance including directors’ and officers’ liability, public and products liability, property and business interruption insurance, and workers compensation.