JME / IME information

What is the TAC’s position on Independent Medical Examinations and Joint Medical Examinations during the COVID-19 crisis?

With the easing of COVID-19 restrictions, face to face medico-legal examinations (Independent Medical Examinations and Joint Medical Examinations) have resumed.

Where medico-legal examiners are conducting any pre-examination vaccination status checks or COVID Safety procedures to enable a client to attend in person, the TAC has asked examiners to undertake all communication to the client at least 5 days prior to the appointment date. This will provide the client with as much notice as possible with respect to any specific requirements. The TAC does not hold the vaccination status of clients and it is the responsibility of the examiner to contact and follow up directly with the client or their legal representative.

The TAC continues to be supportive of clients and examiners expressing their preference to participate in a medico-legal examination via video-conference (where it is appropriate and reasonable to do so), in place of attending in person.

The TAC’s expectation is that all medico-legal examiners will operate in accordance with the COVIDSafe Principles for Business and have compliant COVIDSafe plans.

The TAC remains committed to delivering client entitlements throughout this time and will work with examiners and clients to facilitate this.

What considerations should be made for video software for Independent Medical Examinations and Joint Medical Examinations?

When using video conferencing software or apps for medico-legal examinations (IMEs and JMEs), consider the following:

Privacy laws require you to take reasonable steps to protect the personal information you collect use and disclose. Sensitive and health information have extra protections under Victorian privacy laws.

Free software and apps often access your device's contacts, your friends list and your photos, and can use them for any purpose they want. The terms and conditions of free software usually give the software owner some rights in accessing and using your data. Free software usually also has lower levels of technical protection (making hacking easier). Read the terms and conditions and privacy policy. If the software is free, your data and your clients' data is probably the price.

Better privacy and security often comes by upgrading to a paid version or by purchasing a license.

Ask if it is necessary to record an exam, or if the exam can be done without recording. If you use recording, you must obtain your patient’s permission and be even more certain that the facilities you are using are secure. For example, if you record a teleconference and the recording is stored anywhere outside Victoria, that location must have privacy laws equal to or better to Victorian laws, or you must have client consent to send their information to whatever location the recording is stored at. If there is no recording, then this reduces the privacy risks.

Search for the company on the internet. Look for news articles about the company having previous privacy or data breaches or being investigated by privacy regulators. If you find any articles, seriously consider not using the service.

Find out if the company has a privacy policy on their website. Avoid the software if they don’t. You want the company to be open and transparent about what they’re doing with your and your patients' information.

Read the terms and conditions and check for the following:

  • Is the reason that the company can access and use your data and any recorded content solely for the reason of providing the video conferencing? Any use of patient data for reasons not associated with providing their video conferencing services may breach privacy laws.
  • What does the company say about limitation of liability? A good company will not limit liability to a small dollar amount.
  • Does the company agree that they will ensure the software is fit for purpose? The terms and conditions for free software often say that the company makes no guarantees that the service will function as intended.
  • Who owns the data? Best practice is that you own your data, not the company. This is sometimes under the heading ‘intellectual property’.

Read the privacy policy and check for the following:

  • What will the company do with the information they collect? Will the company disclose it to others? Ideally the company will only use it for the purpose they collected it and will not disclose to others unless required to by law.
  • Which privacy laws will the company comply with? The company needs to comply with Australian privacy laws in order to be privacy compliant. Relevant Australian and Victorian privacy laws are the Privacy Act 1988 (Cth); Privacy and Data Protection Act 2014 (Vic), which governs personal and sensitive information; and the Health Records Act 2001 (Vic), which governs health information.
  • Where does the company store its data? If the data is stored overseas this is likely not to be compliant with Australian privacy laws. Privacy laws say that data stored overseas must be stored in a country that has a similar level of privacy protections as Victoria. Access this website to compare privacy protection laws. Australia has heavy privacy protection laws. Other countries with heavy privacy protections include Canada, Finland, Italy, Norway, Singapore, Spain and Sweden. Countries with poor privacy protections or known problems include China, India, Ireland, Russia, South Korea, UK and USA.
  • Records management – what will the company do with the data when their contract with you expires? Will they delete it or return it to you? Do they say how long they will keep the data?
  • Does the company have any information on their website about their security features? If they do, the best practice is data encryption in transit and at rest.