Legal and privacy issues with PIP QI Incentive

MIPS is aware that many of our GP members are working in healthcare practices that participate in the Australian Government’s Practice Incentives Program (PIP). The PIP Quality Improvement (QI) Incentive commenced on 1 August 2019. Some MIPS members have expressed concerns about the contract requirements including the privacy and security of data sent to third party data providers (eg PEN, POLAR).


The Australian Government has established a framework and guidelines to govern the management of the data and the risks. Practices must ensure they meet the PIP Eligible Data Set Data Governance Framework requirements in addition to the normal management of private information such as secure storage and transmission. Third party software providers will also be expected to store and handle data received appropriately.

Practitioners already have existing professional and legal obligations to ensure the information contained in their patient files is current, accurate, securely stored, and confidential. These responsibilities do not change for general practices participating in the PIP QI Incentive.

MIPS advises all participating practices to:

  • Ensure you are aware of the data requirements in the Governance Framework, including appropriately de-identifying records.
  • Display a poster in reception advising patients of your practice’s participation, and make further information available electronically on request (eg web link or PDF via email).
  • Record ‘opt outs’ should you have patients that do not want to participate (consent to participate is implied so patients are included by default unless they opt out). In the case of POLAR, the poster states “Please let our reception staff know if you do not want your information to be included”.
  • Review and update the practice’s privacy policy to state that de-identified data may be shared with third parties for research and quality improvement.

For more information see the Fact Sheet August 2019 published by the Department of Health: PIP QI Incentive, What practices need to know.

Cyber Private Enterprise Policy

MIPS members may be eligible to receive additional cover under the Cyber Private Enterprise Policy, subject to separate application and approval (you must also be eligible for the Practice Entity Policy). There is cover for privacy breaches to a limit of $100,000 with a deductible for each claim of $1,000.

This cover applies to a 'Cyber event', which means any actual or suspected unauthorised system access, electronic attack or privacy breach, including denial of service attack, cyber terrorism, hacking attack, Trojan horse, phishing attack, man-in-the-middle attack, application-layer attack, compromised key attack, malware infection (including spyware or Ransomware) or computer virus.


The materials provided are for educational purposes only. Whilst all reasonable care has been taken in preparing these materials, including the accuracy of the information supplied, MIPS does not accept any liability whatsoever arising out of the use or reliance of the information provided. Contact MIPS 24/7 Clinico-Legal Support 1800 061 113 or education@mips.com.au for specific advice.