Introduction
Our practice is committed to best practice in relation to the management of information we collect. This practice has developed a policy to protect patient privacy in compliance with the Privacy Act 1988 (Cth) (‘the Privacy Act’). Our policy is to inform you of:
- the kinds of information that we collect and hold, which, as a medical practice, is likely to be ‘health information’ for the purposes of the Privacy Act;
- how we collect and hold personal information;
- the purposes for which we collect, hold, use and disclose personal information;
- how you may access your personal information and seek the correction of that information;
- how you may complain about a breach of the Australian Privacy Principles and how we will deal with such a complaint;
- whether we are likely to disclose personal information to overseas recipients;
What kinds of personal information do we collect?
The type of information we may collect and hold includes:
- Your name, address, date of birth, email and contact details
- Medicare number, DVA number and other government identifiers, although we will not use these for the purposes of identifying you in our practice
- Other health information about you, including:
- Notes of your symptoms or diagnosis and the treatment given to you.
- Your specialist reports and test results.
- Your appointment and billing details.
- Your prescriptions and other pharmaceutical purchases.
- Your dental records.
- Your genetic information.
- Your healthcare identifier.
- Any other information about your race, sexuality or religion, when collected by a health service provider.
How do we collect and hold personal information?
We will generally collect personal information:
- From you directly when you provide your details to us. This might be via a face to face discussion, telephone conversation, registration form or online form.
- From a person responsible for you.
- From third parties where the Privacy Act or other law allows it - this may include, but is not limited to: other members of your treating team, diagnostic centres, specialists, hospitals, the My Health Record system, electronic prescription services, Medicare, your health insurer, the Pharmaceutical Benefits Scheme.
This information may be collected by medical and non-medical staff.
Why do we collect, hold, use and disclose personal information?
In general, we collect, hold, use and disclose your personal information for the following purposes:
- To provide health services to you.
- To communicate with you in relation to the health service being provided to you.
- To comply with our legal obligations, including, but not limited to, mandatory notification of communicable diseases or mandatory reporting under applicable child protection legislation.
- To help us manage our accounts and administrative services, including billing, arrangements with health funds, pursuing unpaid accounts, management of our ITC systems.
- For consultations with other doctors and allied health professional involved in your healthcare.
- To obtain, analyse and discuss test results from diagnostic and pathology laboratories.
- For identification and insurance claiming.
- To liaise with your health fund, government and regulatory bodies such as Medicare, the Department of Veteran's Affairs and the Office of the Australian Information Commissioner (OAIC) (if you make a privacy complaint to the OAIC), as necessary.
There are circumstances where we may be permitted or required by law to disclose your personal information to third parties. For example, to Medicare, Police, insurers, solicitors, government regulatory bodies, tribunals, courts of law, hospitals, or debt collection agents. We may also from time to time provide statistical data to third parties for research purposes.
We may disclose information about you to outside contractors to carry out activities on our behalf, such as an IT service provider, solicitor or debt collection agent. We impose security and confidentiality requirements on how they handle your personal information. Outside contractors are required not to use information about you for any purpose except for those activities we have asked them to perform.
How can you access and correct your personal information?
You are entitled to request access to your medical records. We request that you put your request in writing and we will respond to it within a reasonable time.
There may be a fee for the administrative costs of retrieving and providing you with copies of your medical records.
We may deny access to your medical records in certain circumstances permitted by law, for example, if disclosure may cause a serious threat to your health or safety. We will always tell you why access is denied and the options you have to respond to our decision.
If you believe that the information we have about you is not accurate, complete or up-to-date, we ask that you contact us in writing.
How do we hold your personal information?
Our staff are trained and required to respect and protect your privacy. We take reasonable steps to protect information held from misuse and loss and from unauthorised access, modification or disclosure. This includes:
- Securing our premises;
- Holding your information in secure cloud storage;
- Placing strong passwords and varying access levels on hardware and databases to limit access and protect electronic information from unauthorised interference, access, modification and disclosure; and
- Providing locked cabinets and rooms for the storage of physical records.
Privacy related questions and complaints
If you have a complaint about the privacy of your personal information, we request that you contact us in writing. Upon receipt of a complaint we will consider the details and attempt to resolve it in accordance with our complaints handling procedures.
If you are dissatisfied with our handling of a complaint or the outcome you may make an application to the Australian Information Commissioner or the Privacy Commissioner in your State or Territory.
Anonymity and pseudonyms
The Privacy Act provides that individuals must have the option of not identifying themselves, or of using a pseudonym, when dealing with our practice, except in certain circumstances, such as where it is impracticable for us to deal with you if you have not identified yourself.
We have determined that it is largely impracticable for our practice to deal with patients anonymously or via a pseudonym. The provision of medical services is likely to be impacted, and billing via Medicare or a health insurer where applicable is likely to be impracticable.
Therefore, we require that you use your name and not a pseudonym.
Overseas disclosure.
We will not transfer your personal information to an overseas recipient unless we have your consent or we are required to do so by law.
Updates to this Policy
This Policy will be reviewed from time to time to take account of new laws and technology, changes to our operations and other necessary developments. Updates will be publicised on the practice's website.
Privacy and websites
See our Privacy page.
Contact details for privacy related issues
Please direct any queries, complaints, requests for access to medical records to:
Leah Grimaldi
Phone: 1300 563 344
Post: PO Box 930, Potts Point NSW 1335, Australia
Contact us via webform.