Complying with the Privacy Act. A survey of medical records management.

BACKGROUND A survey of 142 South Australian general practices was conducted on the eve of the new Privacy Act amendments coming into force. OBJECTIVE The survey had two aims: to establish the extent to which medical records systems were already compliant, and to identify those areas in which change would be required in order to achieve compliance with the requirements of the new legislation. DISCUSSION The sample was biased in favour of larger group practices. Among the practices surveyed, the areas of best compliance were in providing security, allowing patients access to records and obtaining consent for disclosure of information. There was poor compliance with the requirement to provide patients with information about medical records, or to have a practice policy on privacy. Anonymous care was rarely offered to patients. General practices will need to develop policies and procedures to address these requirements of the new law. Some general practices met the standard required by the amended Privacy Act before it came into force. For those who were not compliant, relatively simple measures will overcome the most common deficiencies.