Information Collection and Holding
- The types of information we collect and hold as a medical practice, which is likely to include ‘health information’ as defined by the Privacy Act
- How we collect and hold personal information
Purposes for Collection, Holding, Use and Disclosure
- The reasons for which we collect, hold, use, and disclose personal information
Access and Correction of Personal Information
- How patients can access their personal information and request corrections if necessary
Complaints and Resolution
- How patients can file a complaint about a violation of the Australian Privacy Principles and our process for addressing such complaints
Disclosure to Overseas Recipients
- Whether we may disclose personal information to overseas recipients.
2. Personal information we collect
Our clinic may collect and hold the following types of personal information about our patients:
- Name, address, date of birth, email and contact details
- Medicare number, DVA number and other government identifiers; however, these are not used for identifying patients within our practice
Health Information We Collect
In addition to the above information, we may also collect and hold the following health-related information about our patients:
- Notes on symptoms and diagnosis, as well as the treatment provided
- Specialist reports and test results
- Appointment and billing details
- Prescription and other pharmaceutical purchase information
- Genetic information
- Healthcare identifier
- Any other information about race, sexuality or religion, as collected by a health service provider.
3. Collection of personal information
Our clinic generally collects personal information from the following sources:
- Directly from patients when they provide their details to us, such as through face-to-face discussions, telephone conversations, registration forms, or online forms
- From a person responsible for the patient, such as a legal guardian or caretaker
- From third parties where permitted by the Privacy Act or other laws. This may include, but is not limited to: other members of the patient’s healthcare team, diagnostic centres, specialists, hospitals, the My Health Record system, electronic prescription services, Medicare, the patient’s health insurer, and the Pharmaceutical Benefits Scheme.
4. Use of personal information
Our clinic generally uses personal information for the following purposes:
- To provide health services to patients
- To communicate with patients regarding their health services
- To comply with legal obligations, such as mandatory notification of communicable diseases or mandatory reporting under child protection legislation
- To manage accounts and administrative services, including billing, arrangements with health funds, pursuing unpaid accounts, and management of our IT systems
- For consultations with other healthcare professionals involved in the patient’s care
- To obtain, analyse and discuss test results from diagnostic and pathology laboratories
- For identification and insurance claiming
- To upload and download personal information to and from the My Health Record system, if the patient has one
- Through an electronic transfer of prescriptions service
- To liaise with health funds, government and regulatory bodies such as Medicare, the Department of Veterans’ Affairs, and the Office of the Australian Information Commissioner (OAIC) if a privacy complaint is filed.
5. Accessing and correcting personal information
Patients have the right to access and request correction of the personal information that our clinic holds about them. To access and correct your health record, please contact our practice as noted under “Contact Details.”
We will typically respond to access and correction requests within 20 business days.
6. Storing and protecting personal information
Our clinic takes the protection of personal information seriously, and our staff are trained and expected to respect and protect patient privacy. To ensure the security of personal information, we take reasonable steps to protect it from misuse, loss, and unauthorized access, modification, or disclosure. These steps include, but are not limited to:
- Storing personal information on access-restricted computer servers
- Utilising asymmetric encryption and Australian data centers when backing up personal information to cloud services
- Enforcing staff confidentiality agreements
- Following secure document retention and destruction policies.
7. Anonymity and pseudonyms
In certain situations, patients have the right to remain anonymous or use a pseudonym when interacting with our clinic. This may be the case when patients are seeking certain types of medical advice or treatment, such as counseling or testing for a sensitive condition.
We understand the importance of privacy and confidentiality in these cases and will make every effort to accommodate requests for anonymity or the use of a pseudonym. Patients should inform our staff of their preference for anonymity or the use of a pseudonym at the time of their initial contact with our clinic.
It’s important to note that in some cases, the use of anonymity or a pseudonym may limit our ability to provide the best possible care. In such situations, we will discuss this with patients and work together to find a solution that meets their needs while also ensuring the delivery of appropriate medical care.
We take the protection of our patients’ personal information seriously, and we encourage patients to share their concerns and preferences with us. We are committed to providing a safe and secure environment for our patients and will make every effort to respect their privacy and anonymity.
8. Overseas disclosure
In certain situations, it may be necessary for our clinic to disclose personal information about patients to recipients located outside of Australia. This may include, but is not limited to:
- When patients receive medical treatment or services from healthcare providers located outside of Australia
- When our clinic shares personal information with affiliated clinics or hospitals located outside of Australia
We understand the importance of protecting personal information and take steps to ensure that any disclosure to overseas recipients is done in compliance with the Privacy Act 1988 (Cth) and other relevant laws and regulations.
We will only disclose personal information to overseas recipients if:
- The recipient is subject to laws that provide similar protection for personal information as is required under the Privacy Act
- We have taken reasonable steps to ensure that the overseas recipient does not breach the Privacy Act
- We have executed a contract with the recipient that requires them to comply with the Privacy Act
Patients have the right to request details of any overseas recipients to whom their personal information has been disclosed. Patients can make this request by contacting our clinic as noted under ‘Contact Details’.
We will make every effort to ensure the security of personal information that is disclosed to overseas recipients and will take appropriate steps to address any concerns or complaints related to such disclosures.
9. Use and management of personal information
Our clinic is committed to using and managing personal information in accordance with the Privacy Act 1988 (Cth) and other relevant laws and regulations. This includes:
- Collecting personal information only when necessary and for specific, lawful purposes
- Keeping personal information accurate, up-to-date, and complete
- Storing personal information in a secure environment and taking appropriate measures to protect it from unauthorized access, modification, or disclosure
- Retaining personal information only as long as necessary for the purposes for which it was collected
- Providing patients with access to their personal information and allowing them to request corrections if necessary
Our clinic understands the importance of transparency and accountability when it comes to the use and management of personal information. We have established internal policies and procedures to ensure that we are compliant with the Privacy Act and other relevant laws and regulations.
We have also appointed a designated Privacy Officer who is responsible for monitoring our compliance with the Privacy Act and other relevant laws, and for addressing any concerns or complaints related to the use and management of personal information.
We are committed to maintaining the trust of our patients by using and managing personal information in a responsible and transparent manner. If patients have any concerns or questions about how their personal information is being used or managed, they may contact our clinic as noted under ‘Contact Details’.
10. Privacy related questions and complaints
If patients have any questions or concerns about privacy-related issues, or wish to file a complaint about a violation of the Australian Privacy Principles or the handling of their personal information by our clinic, they may do so in writing by contacting us at the details provided.
We will typically respond to such requests within 20 business days. If patients are not satisfied with our response, they may refer the matter to the Office of the Australian Information Commissioner (OAIC) by:
- PHONE: 1300 363 992
- EMAIL: [email protected]
- FACSIMILE: +61 2 9284 9666
- POST: GPO Box 5218, Sydney NSW 2001
- WEB: https://www.oaic.gov.au/
We encourage our patients to reach out to us if they have any concerns or issues with the handling of their personal information, and we are committed to resolving them in a timely and satisfactory manner.