Privacy Policy

Key Strategies

The key strategies utilised in the protection of patient confidentiality include:

  • Ensuring patient information to which we have access is not misused or disclosed inappropriately to others.
  • Documentation of a privacy policy clearly outlining the obligations of Kestral and Kestral staff in relation to privacy matters.
  • Staff education regarding privacy issues.
  • Kestral staff are obliged, as part of their employment contract, to adhere to the privacy policy and its operational implications.
  • De-identification of patient records wherever possible (hard and soft copy).
  • Prompt destruction or de-identification of data/records containing patient information following use.
  • Encouraging customers to de-identify, as much as is possible, any data that they forward to Kestral for the purpose of troubleshooting, problem solving or enhancements.
  • Network and website security to prevent unauthorised access to patient information; and
  • Strict upgrade procedures to protect the quality and integrity of data at client sites.

These strategies are further discussed below.

Code of Conduct

During induction, the privacy policy is introduced to new staff as one of the three key policies at Kestral. Additionally, all Kestral staff and directors must sign a code of conduct form that confirms that they have read and understood their responsibilities in relation to privacy. The form is a schedule to the employment contract. Staff are also required to keep up to date on any changes to the privacy policy that are circulated.

The key requirements for all Kestral staff include:

  • Patient information may only be used for the support of Kestral products and not for any other purpose.
  • All information about patients MUST remain confidential and is not to be discussed with co-workers (Kestral staff or staff at a client site) unless the discussion is required in order to provide support to the customer; and
  • Kestral staff MUST NOT discuss patient information with anyone who is not a co-worker.

Disclosure to Third Parties

There are no circumstances under which Kestral as an organisation would voluntarily provide personal information about patients to a third party unless legally compelled to do so.

Protecting Hard Copy Documents that Contain Patient Information

At times, key users will provide support staff with documents that contain personal or sensitive information about patients.

Consent

When a user at a client site provides a Kestral staff member with one or more reports which demonstrate a support issue, the consent for Kestral to have the information is implied. Written consent is not obtained, as this would introduce unnecessary and time-consuming paperwork.

De-identification of Information

It is Kestral's policy to remove information identifying individuals from such reports wherever possible, and to encourage customers to de-identify information before passing it on to Kestral staff.

Secure Storage

In some instances the patient identifier is integral to the task and cannot be removed. Where de-identifying the material would make it impossible to carry out the support task, procedures to ensure the safe keeping of the information have been developed. These include safe keeping at the client site, and also at the Kestral office where all documents containing patient information must be stored.

Our premises are locked and protected by a security system out of hours. Hard copy information that must be retained for future reference is stored in a locked cabinet.

Destruction of Data When no Longer in Use

All other hard copy documents with identifying information are destroyed by shredding in the office shredder following use.

Protecting Client Data Sets

In some situations, for the purposes of troubleshooting or to develop system enhancements, Kestral may require access to and transfer of a full copy of a data set, complete with all patient information. In such situations Kestral will take the following steps to ensure the confidentiality of the information contained in the data sets, and to maintain control of the data set until it is destroyed.

De-identification of Information

Wherever possible, the data must be scrambled to de-identify the information, using a service utility specifically designed for that purpose. The only time the data will not be de-identified is where it is vital, for the purposes of programming, testing and problem solving, that the data stay intact.

Consent

No data sets will be transferred without the consent of a nominated customer representative. The consent is recorded in an "Authority to Release Data to Kestral" form along with the period for which the data set can be retained.

Secure Storage

At Kestral, we maintain computer and network security to protect electronic information. For example, all data sets are stored at Kestral on an internal network, which is firewalled to prevent any traffic from public networks being able to access the data set. Other examples of protections include identification codes and passwords to control access to electronic information.

Access to data sets within Kestral is controlled so that only those staff directly working on the data set will have access. Copies of the data set may only be made with the consent of management and must be recorded on the consent form and in the task for the destruction of the data set.

Destruction of Data When no Longer in Use

The destruction of the data set after an agreed period is prompted by a scheduled task set up at the time the data set is imported. Destruction of the original dataset and any copies is then recorded internally and reported to the client.

Protecting Personal Information in KMS

Any electronic information forwarded from client sites is stored in a secure database to prevent unauthorised access. KMS is the database that Kestral uses to store the patient information. Access to KMS is protected by identification codes and passwords.

It may be necessary for customers to include patient identifiers in information forwarded in KMS in order to resolve some support issues. However, we strongly advise customers to minimise the use of patient identifiers as much as is practicable. Advice on limiting the use of patient identifiers and a confidentiality statement are presented at login to KMS. Customers are requested to log off from the website when they have finished or if they leave their computer, and to take all other reasonable steps to ensure the security and confidentiality of all information on the website. Customers must indicate they have read and accept these statements before proceeding to use KMS.

Kestral is not responsible for the inappropriate use of information requested or displayed on the website.

Protecting Patient Records During Upgrades

Strict upgrade procedures are prescribed and enforced within Kestral, in order to protect the quality and integrity of data at client sites, and to prevent the loss of patient data. The precautionary measures taken during upgrades are summarised below.

  • All upgrades are applied to test data prior to moving into production.
  • Live upgrades only proceed after client testing and sign off.
  • Prior to commencing a live upgrade, all databases undergoing manipulation during the upgrade are backed up.
  • Once the upgrade has been applied to the live data, database analysis is performed prior to bringing the system back online.