Privacy

Introduction

This privacy policy provides information to you on how your personal information (which includes your health information) is collected and used, and the circumstances in which we may share it with third parties.

Why and when your consent is necessary

When you register as a patient, you provide consent for us to access and use your personal information so that we can provide you with the best possible healthcare. Whilst we use a shared medical record, only doctors and staff who need to see your personal information will have access to it. If we need to use your information for anything else, we will seek additional consent from you to do this.

Why do we collect, use, hold and share your personal information?

We need to collect your personal information to provide healthcare services to you. Our main purpose for collecting, using, holding and sharing your personal information is to manage your health. We also use it for directly related business activities, such as financial claims and payments, audits and accreditation, and business processes (e.g. staff training).

Your health information may be used for secondary purposes such as research, trials and audits. No information that personally identifies you will be disclosed for these secondary purposes, without your express permission.

What personal information do we collect?

The information we will collect about you includes, but is not limited to, your:

• Full name, date of birth, address, contact details, next of kin
• Medical information including medical history, medications, allergies, and family history
• Medicare/DVA number (where available) for identification and claiming purposes
• Health fund and third-party insurer details
• Contact details for other healthcare providers involved in your care

Dealing with us anonymously

You have the right to deal with us anonymously or under a pseudonym, unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals.

In the medical context, this is not likely to be practicable or possible for Medicare and insurance rebate purposes. It could also be dangerous to your health.

How do we collect personal information?

We may collect your personal information in several different ways:

• When you make your first appointment our staff will collect your personal and demographic information over the phone and/or via your registration form.
• During the course of providing medical services, we may collect further personal information.
• We may also collect your personal information when you send us an email, telephone us, make an online enquiry or communicate with us using social media.

In some circumstances, personal information may also be collected from other sources. Often this is because it is not practical or reasonable to collect it from you directly. This may include information from:

• your guardian or responsible person
• other involved healthcare providers, such as general practitioners, specialists, allied health professionals, hospitals, community health services and pathology and diagnostic imaging services
• your health fund, Medicare, or the Department of Veterans Affairs (as necessary)

We may receive unsolicited personal information about you. In a reasonable period after receiving the information, we will determine whether or not we could have collected the information from you in accordance with the Australian Privacy Principles. If not, and if lawful and reasonable to do so, we will advise the sender and destroy or de-identify the information.

When, why and with whom do we share your personal information?

We sometimes share your personal information:

• with third parties who work with us for business purposes, such as accreditation agencies or information technology providers – these third parties are required to comply with the Australian Privacy Principles and this policy
• with other healthcare providers (e.g. referring doctor/specialist, hospital, anaesthetist)
• when it is required or authorised by law (e.g. court subpoenas)
• when it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent
• to assist in locating a missing person
• to establish, exercise or defend an equitable claim
• for the purpose of a confidential dispute resolution process
• when there is a statutory requirement to share certain personal information (e.g. some diseases require mandatory notification)

We will not share your personal information with anyone outside Australia (unless under exceptional circumstances that are permitted by law) without your consent.

Your health information may be used for research, trials and audits. This research and statistical data may be presented at conferences overseas and/or published in international journals. No information that personally identifies you will be disclosed without your express consent.

How do we store and protect your personal information?

Your personal information may be stored in various forms, e.g. paper records, electronic records, visual records (X-rays, CT scans, videos and photos), and audio recordings.

We store all personal information securely. Electronic records are password protected, protected by firewalls and monitored. Access is by authorised personnel only, who are bound by confidentiality agreements. Paper and visual records are securely stored.

In compliance with the Privacy Amendment (Notifiable Data Breaches) Act 2017, we will notify you and the Australian Information Commissioner if a data breach is likely to result in serious harm to you.

How can you access and correct your personal information?

You have the right to request access to, and correction of, your personal information.

Patients may request access to their medical records. You will not be charged for making a request, but reasonable fees may be charged for providing the information (e.g. administration time or photocopying).

If you are requesting access to the information of another patient, we may not grant access without that person’s consent. We recognise that children over the age of 15 can request confidentiality regarding their health care. This will be managed on a case-by-case basis.

We will take reasonable steps to correct your personal information where it is not accurate or up to date.

How can you lodge a privacy-related complaint, and how will the complaint be handled?

We take complaints and concerns regarding privacy seriously. You should express any privacy concerns in writing. We will respond within 30 days of receiving your complaint.

You may also contact the Office of the Australian Information Commissioner (OAIC). For further information visit www.oaic.gov.au or call 1300 363 992.

Privacy and our website

We collect no personal information about you when you visit our website unless you choose to provide it. Certain information is automatically collected, such as IP address, device identifiers, page views and referral data. This may be collected through cookies, web beacons and standard tracking technologies.

Policy review statement

This policy will be reviewed regularly to ensure it remains in accordance with legislative changes. Updates will be communicated via our website.