Applying Organisational Processes

Submitted by coleen.yan@edd… on Wed, 05/17/2023 - 16:02

In this part of module 6, we will look at the importance of understanding and adhering to New Zealand legislation on privacy and confidentiality. Additionally, we'll explore how you can effectively apply your workplace's policies and procedures for recording and storing patient information. This part of the course won’t make you a lawyer, but it will ensure you have an awareness of the laws that apply to you and those who work in a health and well-being setting. 

Sub Topics

Support workers are required to comply with all relevant laws, standards, ethical guidelines, and organisational policies and procedures that apply to their role. There are many laws and standards that you need to be aware of which will be relevant to your everyday practice.  

Legislation relevant to your support worker role includes Acts. Acts are pieces of statutory legislation that have been passed by the New Zealand Parliament, which means that they are laws. Examples of legislation applicable to health and wellbeing settings include: 

  • Health and Disability Commissioner (Code of Health and Disability Services Consumers’ Rights) Regulations 1996 (the Code of Rights) 
  • Health and Disability Services (Safety) Act 2001 
  • Health and Safety at Work Act 2015 
  • Human Rights Act 1993 
  • New Zealand Bill of Rights Act 1990 
  • Official Information Act 1982 
  • Privacy Act 2020 

Each Act guides different aspects of client care. For example, the Human Rights Act protects people from certain kinds of discrimination in public life and breaches of their human rights. 

Standards 

Legislative Acts tend to be very broad and apply to a whole range of industries. Standards, on the other hand, tend to be more industry-specific. Standards guide an industry or organisation on how to comply with the Acts. 

The New Zealand standard relevant to support workers is NZS 8134:2021 Ngā paerewa Health and disability services standard. This can be accessed HERE

The Ministry of Health administers this standard. A range of institutions, including aged-care residences and mental health and disability services, are required to comply with this standard. 

It sets out what providers need to do to provide safe services for clients. It defines the rights of people receiving care, such as being treated with respect and being able to make informed choices. It defines the responsibilities of providers, e.g., staff must have appropriate levels of knowledge and skills and must provide personalised treatment in consultation with the client. Providers must provide medications in a safe and timely manner and must consider preferences and nutritional needs when providing food. The standard focuses on the safety of clients and staff. 

Organisational policies and procedures are developed according to legal and industry requirements. Therefore, organisational policies and procedures will instruct employees on work practices that comply with these Acts and the NZS 8134:2021 standard. 

Activity - Quiz

The Privacy Act 2020 is legislation designed to protect the privacy of an individual. It defines such things as: 

  • What personal information is
  • When personal information can lawfully be collected and from whom
  • How personal information should be stored
  • Who has access to personal information
  • How personal information can be used or disclosed.

In a healthcare setting, there will be a legitimate need to collect and store personal information. This will include contact details and medical data. Because of the deeply private nature of this information, the Privacy Act must be adhered to rigorously. It is important to note that the Act defines personal information very broadly: anything that identifies someone is personal. 

As a support worker, you will frequently be called upon to share information about your client with team members or external health suppliers. Therefore, you must understand who you are authorised to share information with. The Privacy Act dictates that, as a rule, personal information must not be shared. However, there are circumstances under which it can be shared with certain people or institutions. For example, a subject may authorise their information to be shared with medical staff. Or if the sharing of information will lessen a serious threat, it can be disclosed. For example, in an emergency, you could share medical details with an ambulance or hospital staff. 

Your organisation should have policies related to minor breaches of privacy and what rectification will be made. The Act defines a notifiable privacy breach as one that causes significant harm. If a significant privacy breach is identified, the Act dictates that the Privacy Commissioner is notified. 

Activity - Quiz

The Privacy Commissioner issues Codes of Practice for specific industries, organisations, or types of personal information. Currently, there are six different codes, including the Health Information Privacy Code. Information and access to the code published by the Privacy Commissioner can be found here.  

This code has special rules for health agencies. It covers how they collect, use, and share health information. The code replaces the privacy principles for the health sector. It applies to agencies that provide health services, like doctors, nurses, aged care services and facilities and other health-related groups, even if they don't directly serve individuals, such as the Ministry of Health and health insurers. The rules are there to protect the information about people's health. 

Activity - Research 

Read this Health Information Privacy Code Fact sheet 1 –   and answer the questions below: 

The Code’s 13 health information privacy rules  

13 rules in the Health Information Privacy Code govern how health information is collected, used, held and disclosed.  

From the point of view of a health agency, the rules in the Code can be summarised:  

  1. Only collect health information if you really need it.  
  2. Get it straight from the people concerned where possible.  
  3. Tell them what you’re going to do with it.  
  4. Be considerate when you’re getting it.  
  5. Take care of it once you’ve got it.  
  6. People can see their health information if they want to.  
  7. They can correct it if it’s wrong.  
  8. Make sure health information is correct before you use it.  
  9. Get rid of it when you’re done with it.  
  10. Use it for the purpose you got it.  
  11. Only disclose it if you have a good reason.  
  12. Make sure that health information sent overseas is adequately protected.  
  13. Only assign unique identifiers where permitted.  

Watch this video that explains the 13 Health Information Privacy Rules outlined in Health Information Privacy Code 2020. Using pen and paper, write a brief explanation about each rule.  

After watching the video and making notes, add more notes under each rule explaining why it is important for healthcare providers to comply with the rule. Keep these notes. You will want to refer to them later. 

Scenario 

Read the scenario below to see how the Health Information Privacy Code 2020 relates to your role as a support worker.  

A person reading a medical record on a tablet device

You are a support worker in a residential care home in New Zealand, responsible for providing care and assistance to elderly residents. One of the residents, Mr Sanders, has recently been admitted to the facility. Mr Sanders has a complex medical history, including chronic conditions and medications that need careful monitoring. 

One morning, as you begin your shift, you notice that Mr. Sanders seems a bit more fatigued than usual. Concerned about his well-being, you decide to check his medical records for any recent changes in his health status. According to the records, Mr Sanders had a medical appointment yesterday, and there might be updates on his condition. 

Following the Health Information Privacy Code 2020, you take the following steps: 

  1. Purposeful Collection: You access Mr Sanders's health information with a specific purpose in mind – to understand any recent changes in his health and well-being. 
  2. Informed Consent: Recognising the importance of informed consent, you consider Mr Sanders's right to privacy. Before accessing his information, you ensure that you have a legitimate reason and that it aligns with your caregiving responsibilities. 
  3. Confidentiality: While reviewing the records, you are mindful of the confidentiality of Mr Sanders's health information. You make sure to do this in a private area, away from other residents and staff, respecting his right to privacy. 
  4. Accuracy and Relevance: You focus on gathering only the relevant information related to Mr Sanders's recent health appointment and avoid accessing unnecessary details. This aligns with the Code's emphasis on accuracy and relevance in health information handling. 
  5. Secure Handling: As you collect and review the information, you ensure the records are securely stored and not left unattended. This reflects the Code's requirement to take care of health information once accessed. 
An elderly client talking to a client

As support workers, it's important to understand the process for individuals to complain if they believe their health information has been mishandled by a health provider. The Health Information Privacy Code 2020, section 7 outlines a clear procedure to ensure individuals can voice their concerns and seek resolution. 

The process for lodging such a complaint typically involves the following steps: 

Step 1: Recognising Concerns 

  • The process begins when someone realises there's a problem with how their health information is being treated. 

Step 2: Talking to the Health Provider 

  • People are encouraged to talk directly to the health provider, using any provided complaint channels or reaching out to the privacy officer. 
  • The health provider looks into the complaint, led by privacy officers, working to resolve the issue and follow the Health Information Privacy Code. 
  • If the issue is resolved, the health provider explains the solution to the person, keeping the process transparent. 

Step 3: Contacting the Privacy Commissioner 

  • If problems continue, the person can contact the Office of the Privacy Commissioner for an independent review. 
  • The Commissioner's office checks the complaint to see if there's a breach of the Health Information Privacy Code. 

Step 4: Going to the Human Rights Review Tribunal 

  • If the person is still not satisfied, they can take the complaint to the Human Rights Review Tribunal, an independent group that can decide on privacy complaints. 

Activity - Scenario and Questions

Read this scenario and answer the questions below.  

In an aged care residential facility, Alex, a support worker, is responsible for updating residents' care plans on the facility's computer system. During a brief break, Alex steps away without logging out of the computer, inadvertently leaving sensitive health information accessible to anyone passing by. 

Later in the day, Alex meets a friend visiting the facility. In a casual conversation in the facility's lobby, Alex shares specific health details about residents, discussing medications and recent incidents without ensuring privacy or obtaining consent. 

Use the documentation tool below to answer the remaining questions. 

Policies and procedures set out clear expectations for each employee in that organisation. They outline what's expected from your job role, complementing your employment agreement. Policies and procedures support employment agreements by providing details on matters that might not have been originally discussed in person. 

Definition of policy and procedure 

A policy is a set of rules or principles to be followed in a particular area; e.g., a leave policy might explain the expectations for requesting holiday leave. 

A procedure is the way something is done, e.g., the forms that need to be filled out for requesting holiday leave. 

A policy will often be supported by multiple procedure documents. For example, an organisation's health and safety policy might be linked to accident reporting procedures, evacuation procedures, hazard reporting procedures, etc. 

Policies are general, whereas procedures are specific. The following is an example of an accident-reporting procedure: 

  • Check immediate safety
  • Help injured people or call a doctor
  • Secure the area
  • Inform emergency services if required
  • Fill in any required reports, including accident forms
  • Inform your supervisor. 

Procedures will vary depending on where you are and what has happened. It is important to follow your organisation's specific procedures. 

Organisations typically develop a wide range of policies and procedures to assist workers in their roles. Policy and procedure documents are often compiled in a manual or are available on an organisation’s intranet for easy staff access. 

Activity: Forum 

Click on this link to view the range of staff policies and procedures from HomeCare+

Select one policy or procedure and read through it, then head to the forum and discuss the following in the Policy/Procedures thread: 

  • Which policy or procedure did you read? 
  • What are some of the points that were included? 
  • How could this document support your role? 

Activity - Case study 

Read the following case study and reflect on how you would respond. 

Imagine you are working at a residential care home. One of your clients has a family meeting to discuss medical matters, and her daughter Chloe will be attending. As you walk into the reception area to greet Chloe, you realise that she has brought along her 5-year-old son Tyler and 8-year-old daughter Hannah. Chloe tells you that her kids are too sick to go to school. Chloe tells you that she will leave the children in the waiting room and that Hannah can look after Tyler, but you note that Tyler is restless and crying. You also notice that other residents are distracted by Tyler. 

According to your organisation's policies and procedures, for safety reasons, children must be supervised at all times, and if visitors are unwell, they are encouraged to stay away. 

Prepare, deliver and record client information as per policies and procedures.

As support workers in residential aged care, you are entrusted with the task of not just caring for residents but also ensuring the utmost privacy and accuracy in handling their personal details.  

Scenario 

Read this scenario about support worker Mya and the policies and procedures around preparing, delivering and recording client information in her workplace.  

An elderly person with a worried look on their face

Scenario: Support worker Mya is responsible for updating Mrs. McFarland's care plan, which includes sensitive information about incontinence. Mrs. McFarland is known for her reserved nature and feels extremely embarrassed about discussing such personal matters. 

Patient Information Privacy Policy: Mya's workplace prioritises patient confidentiality, and safeguarding sensitive information. Staff, including Mya, undergo regular training and sign confidentiality agreements, reinforcing the importance of protecting patient privacy. 

Information Preparation: In Mrs. McFarland's scenario, sensitive information about incontinence is prepared by Mya. She ensures that the discussion occurs in a private setting, aligning with workplace protocols. Physical documents are securely stored in locked cabinets, and electronic files are encrypted, limiting access to authorised personnel only. 

Information Delivery: Mya adheres to workplace policies by delivering patient information securely. In this case, she utilises her empathetic communication skills to discuss Mrs. McFarland's incontinence privately. The use of secure folders or secure digital channels aligns with workplace standards, maintaining the confidentiality of patient information. 

Recording: The discussion between Mya and Mrs. McFarland is documented in the patient records and care plan, following standardised protocols. Mya applies her training to record the necessary information, ensuring accuracy in the care plan. 

Data Retention and Destruction: Mya's workplace has clear policies for data retention and destruction, aligning with legal and ethical standards. Mya ensures that outdated records, which may include sensitive discussions, are securely disposed of to prevent unauthorised access. 

Compliance: Regular audits and assessments are conducted to ensure staff, including Mya, adhere to these policies. Compliance is crucial, and any deviation can result in disciplinary actions. This commitment to compliance underscores our dedication to maintaining patient privacy and upholding ethical standards in healthcare. 

Activity - Reflect 

Take a moment to reflect on the policies and procedures in place at your workplace regarding the preparation, delivery, and recording of client information. 

Preparation: 

  • How does your workplace ensure the meticulous preparation of client information? 
  • Are there specific protocols for obtaining consent, and how is the privacy of clients maintained during this process? 

Delivery: 

  • Reflect on the methods used to deliver client information to authorised recipients securely. Is there a reliance on electronic systems, secure folders, or other means? 
  • How does your workplace follow privacy policies when delivering health information between colleagues and health professionals? 

Recording: 

  • Consider how client interactions and information exchanges are currently documented in your workplace. 
  • Are there standardised protocols in place, and how do you ensure accuracy and sensitivity when recording information in client records? 

Data Retention and Destruction: 

  • Reflect on your workplace's policies for data retention and destruction. How are outdated records securely disposed of to prevent unauthorised access? 

Compliance and Accountability: 

  • How is accountability emphasised among staff members regarding the handling of client information? 

Challenges and Improvements: 

  • Identify any challenges or areas for improvement in the current policies and procedures. 
  • Consider suggestions for enhancing the effectiveness of information management in your workplace. 
Module Linking
Main Topic Image
A person reading information on a laptop
Is Study Guide?
Off
Is Assessment Consultation?
Off