JME / IME information
What is the TAC’s position on Independent Medical Examinations and Joint Medical Examinations during the COVID-19 crisis?
Following changes to the Victorian Government’s coronavirus restrictions announced on 18 October, the TAC recognises that medico-legal examinations (Independent Medical Examinations and Joint Medical Examinations) may now be conducted via video-conference or face to face. Where a physical examination is necessary then these can now occur as part of a face to face examination.
The TAC will continue to support medico-legal examinations being undertaken, where appropriate, by video-conference or desktop assessment.
The TAC's expectation is that all medico-legal examiners will operate in accordance with the COVIDSafe Principles for Business and have a compliant COVIDSafe plan.
The TAC remains committed to delivering client entitlements throughout this time and will work with examiners and clients to facilitate this.
What considerations should be made for video software for Independent Medical Examinations and Joint Medical Examinations?
When using video conferencing software or apps for medico-legal examinations (IMEs and JMEs), consider the following:
Privacy laws require you to take reasonable steps to protect the personal information you collect use and disclose. Sensitive and health information have extra protections under Victorian privacy laws.
Better privacy and security often comes by upgrading to a paid version or by purchasing a license.
Ask if it is necessary to record an exam, or if the exam can be done without recording. If you use recording, you must obtain your patient’s permission and be even more certain that the facilities you are using are secure. For example, if you record a teleconference and the recording is stored anywhere outside Victoria, that location must have privacy laws equal to or better to Victorian laws, or you must have client consent to send their information to whatever location the recording is stored at. If there is no recording, then this reduces the privacy risks.
Search for the company on the internet. Look for news articles about the company having previous privacy or data breaches or being investigated by privacy regulators. If you find any articles, seriously consider not using the service.
Read the terms and conditions and check for the following:
- Is the reason that the company can access and use your data and any recorded content solely for the reason of providing the video conferencing? Any use of patient data for reasons not associated with providing their video conferencing services may breach privacy laws.
- What does the company say about limitation of liability? A good company will not limit liability to a small dollar amount.
- Does the company agree that they will ensure the software is fit for purpose? The terms and conditions for free software often say that the company makes no guarantees that the service will function as intended.
- Who owns the data? Best practice is that you own your data, not the company. This is sometimes under the heading ‘intellectual property’.
- What will the company do with the information they collect? Will the company disclose it to others? Ideally the company will only use it for the purpose they collected it and will not disclose to others unless required to by law.
- Which privacy laws will the company comply with? The company needs to comply with Australian privacy laws in order to be privacy compliant. Relevant Australian and Victorian privacy laws are the Privacy Act 1988 (Cth); Privacy and Data Protection Act 2014 (Vic), which governs personal and sensitive information; and the Health Records Act 2001 (Vic), which governs health information.
- Where does the company store its data? If the data is stored overseas this is likely not to be compliant with Australian privacy laws. Privacy laws say that data stored overseas must be stored in a country that has a similar level of privacy protections as Victoria. Access this website to compare privacy protection laws. Australia has heavy privacy protection laws. Other countries with heavy privacy protections include Canada, Finland, Italy, Norway, Singapore, Spain and Sweden. Countries with poor privacy protections or known problems include China, India, Ireland, Russia, South Korea, UK and USA.
- Records management – what will the company do with the data when their contract with you expires? Will they delete it or return it to you? Do they say how long they will keep the data?
- Does the company have any information on their website about their security features? If they do, the best practice is data encryption in transit and at rest.