GPAC-N Terms and Conditions

GPAC‑N — General Terms & Conditions of Use

Effective: July 2025
Review: Annually or as required
Document owner: Clinical Governance & Operations

1) Scope and Relationship to Other Documents

These General Terms apply to anyone who uses GPAC‑N systems or participates in GPAC‑N supported activities in any setting (RACFs, mobile outreach, telehealth, hosted practice sites), including GPs, IMGs, registrars, nurses, allied health, contractors, practice staff and RACF personnel (“Users”).
They supplement (and do not replace) applicable laws, RACF rules, program rules (e.g., Medicare/MyMedicare), and GPAC‑N Policies (Privacy, Information Security, Acceptable Use, Telehealth, Clinical Governance, Incident & Complaints, Records Management).

2) Principles and Conduct

  • Patient‑centred & equitable: Care is respectful, culturally safe, and accessible.

  • Clinical independence: Practitioners exercise their own clinical judgement within scope and standards.

  • Team‑based care: Shared care may involve nurses, allied health, registrars, or alternate GPs; consent is documented.

  • Professional conduct: Zero tolerance for bullying, harassment, discrimination, or victimisation.

3) Access to Systems and Facilities

  • Authorised use only: Credentials are personal; do not share. Multi‑factor authentication (MFA) must be used where provided.

  • Acceptable use: No unauthorised access, data scraping, security bypassing, or consumer messaging apps for patient data.

  • Devices: BYOD is allowed only if the device is encrypted, passcode‑protected, up‑to‑date, and (where required) enrolled in Mobile Device Management (MDM). Lost/stolen devices must be reported immediately for remote lock/wipe.

  • Downtime & contingencies: If systems are unavailable, follow the approved downtime procedure and transcribe promptly when restored.

  • Audit: System activity may be logged and monitored for safety, privacy and quality assurance.

4) Privacy, Security and Data Handling

  • Compliance: Users follow the Privacy Act 1988 (Cth), Australian Privacy Principles, relevant State/Territory health records laws, and My Health Record rules (if used).

  • Minimum necessary access: Access only what you need to provide care or perform your role.

  • AI documentation: AI‑assisted scribing is used only with patient consent; identifiable data is not retained in the AI tool; outputs are clinician‑reviewed; drafts in the tool are deleted after review per policy.

  • Secure sharing: Use approved secure messaging or portals—no patient data via personal email, SMS, or social media.

  • Cross‑border processing: Where a vendor stores/processes data offshore, GPAC‑N ensures privacy safeguards; Users must not export records outside approved systems.

  • Data breach: Suspected or actual privacy/security incidents must be reported to GPAC‑N immediately (and within 24 hours) for assessment under the Notifiable Data Breach (NDB) scheme.

5) Clinical Governance and Safety

  • Standards: Users comply with AHPRA registration, RACGP Standards (as applicable), local credentialing, scope‑of‑practice limits, and RACF policies (e.g., infection control, emergency procedures).

  • Documentation: Clinical notes are accurate, contemporaneous, and captured in the approved PMS/record system; results and recalls are actively managed.

  • Medicines management: Follow Schedule 8/poisons requirements, RACF medication protocols, and safe storage/transport.

  • Incidents & open disclosure: Clinical incidents, near misses, and complaints are reported via the GPAC‑N incident pathway; apologise and disclose in line with open‑disclosure principles.

  • Registrar involvement: Students/registrars participate under approved supervision levels; patient consent is recorded for involvement in care.

  • Cultural safety: Provide culturally responsive care, including for Aboriginal and Torres Strait Islander peoples; use interpreters where required.

6) Communications and Partner Interface

  • With residents/families/SDMs: Be clear, respectful and inclusive; document key discussions and consent.

  • With RACFs: Adhere to escalation trees, handover standards, and local clinical pathways; contribute to case conferences and care plans as reasonable.

  • Accessibility: Arrange interpreters or accessible formats where needed; avoid jargon; provide written summaries where appropriate.

7) Records Management

  • Custody & control: Custody of clinical records is determined by the relevant engagement/hosting model and GPAC‑N Records Policy; regardless of custody, Users must maintain complete, legible records.

  • Retention: Follow Australian retention rules (e.g., adults generally ≥7 years after last entry; minors until age 25 or ≥7 years after last entry—whichever is later).

  • Release & access: Handle requests (patient access, subpoenas, insurer requests) strictly under policy and law; log disclosures.

  • Portability on exit: On provider exit, records are handled under the Records Policy to maintain continuity of care and legal compliance.

8) Telehealth and Mobile Care

  • Identity & location: Verify identity and location at the start of telehealth; note emergency contacts and local emergency services arrangements.

  • Clinical appropriateness: Use telehealth where clinically suitable; convert to in‑person or urgent care if red flags emerge.

  • Technology failure: If the session drops, follow the fallback plan (call‑back, alternate platform, or in‑person).

  • Mobile practice: When visiting RACFs or homes, follow WHS, manual‑handling, infection‑control and lone‑worker safety procedures.

9) Billing, Programs and Marketing (General)

  • Compliance: Users must bill compliantly under Medicare, DVA, WorkCover and private fee rules; claims must reflect the clinical record.

  • Programs: Where relevant (e.g., MyMedicare, incentives), comply with current program rules and any practice/RACF participation settings.

  • Practice signage & advertising: Any “bulk‑billing” or program participation claims must be accurate, current, and approved; remove or update signage if participation changes.

  • Financial splits and flows: Any fee‑splits, incentive redirections, or payment allocations are governed by the separate engagement agreement or schedule, not by these General Terms.

10) Conflicts, Gifts and External Interests

  • Conflicts: Declare and manage actual or perceived conflicts of interest (e.g., financial interests in referred services).

  • Gifts & benefits: Comply with anti‑bribery and gifts policies; do not accept benefits that could reasonably influence clinical decisions.

  • Modern slavery & sanctions: Do not knowingly engage suppliers or arrangements that breach modern slavery expectations or sanctions—report concerns promptly.

11) Training, Credentialing and Readiness to Practise

  • Mandatory checks: Maintain AHPRA registration, PI insurance, CPR, immunisation, police/NDIS/aged‑care checks as required.

  • Core training: Complete and refresh GPAC‑N and RACF mandatory modules (privacy, security, infection control, manual handling, SIRS where applicable, telehealth safety).

  • Scope changes: Notify GPAC‑N if circumstances affect your fitness to practise (e.g., conditions on registration, restrictions, or material health changes).

12) Safety in RACF Environments (WHS)

  • Local rules: Comply with visitor/contractor induction, PPE, outbreak protocols, and emergency codes.

  • Hazards: Report hazards promptly and participate in reasonable investigations and corrective actions.

  • After‑hours & emergencies: Follow RACF escalation; for life‑threatening emergencies instruct to call 000 and escalate per protocol.

13) Suspension or Restriction of Access

GPAC‑N may suspend or limit a User’s access to systems or sites where there is a privacy/security incident, serious non‑compliance, credentialing lapse, or patient‑safety concern. Access is restored when risks are mitigated and minimum requirements are met.

14) Complaints, Feedback and Whistleblowing

  • Service or privacy complaints: Use the GPAC‑N Complaints pathway or contact the Privacy Officer (privacy@gpacn.org.au).

  • Escalation: Unresolved privacy complaints may be escalated to the OAIC; clinical safety matters may involve the AHPRA/ACQSC pathways as appropriate.

  • Whistleblowing: Disclosures made in good faith are protected under GPAC‑N’s Whistleblower framework.

15) Changes to These General Terms

For operational, safety or compliance reasons GPAC‑N may update these General Terms and will publish the current version on the portal (and/or notify Users via usual communications). Updates do not change any commercial entitlements or obligations in a signed agreement; where a signed agreement incorporates these General Terms by reference, that agreement’s change mechanism applies.

16) Disclaimers (What These General Terms Do / Don’t Do)

  • Not a contract for services: These General Terms do not create an employment, partnership, agency, or contractor relationship, and do not set payment arrangements.

  • No direction of care: GPAC‑N provides systems and governance; each practitioner remains responsible for their clinical decisions and compliance.

  • Law prevails: Where law or a signed agreement differs, that instrument prevails.

17) Key Definitions (Plain English)

  • Clinical Records: Health information generated in care.

  • Facilities: RACFs or other premises where services occur.

  • Policies: GPAC‑N published policies referenced by these General Terms.

  • Systems: GPAC‑N digital platforms (PMS, secure messaging, portals, analytics) and approved third‑party tools.

18) Contacts

  • Privacy Officer: privacy@gpacn.org.au

  • Clinical Governance: [insert email/phone]

  • IT/Security Support: [insert email/phone]

  • Complaints: [insert email/portal link]