We are committed to protecting the privacy of patient information and to handling your personal information in a responsible manner in accordance with the Privacy Act 1988 (Cth), the Privacy Amendment (Enhancing Privacy Protection) Act 2012, the Australian Privacy Principles and relevant State and Territory privacy legislation (referred to as privacy legislation).
This Privacy Policy explains how we collect, use and disclose your personal information, how you may access that information and how you may seek the correction of any information. It also explains how you may make a complaint about a breach of privacy legislation.
This Privacy Policy is current from May 2022 and is reviewed annually. From time to time, we may make changes to our policy, processes and systems in relation to how we handle your personal information. We will update this Privacy Policy to reflect any changes. Those changes will be available on our website and in the practice.
Personal Information
We request your consent to hold and use personal information about you that is relevant for short and longer term medical care. This includes your name, date of birth, address, telephone numbers, gender, ethnicity, occupation, next of kin and emergency contact, Medicare number, Pension or Health Care Card number (where applicable), family and social history and health information.
We hold information concerning each of your consultations and health management. This information will be stored on our computer medical records system.
Why Collect Personal Information?
We collect personal information for the following reasons:
- Providing you with treatment
- Contacting you for various reasons eg: confirming appointment, overdue accounts etc.
- Recommending to you, or providing you with details of available services that you may need. However, you can notify us at any time if you do not wish to be contacted regarding these products or services.
- Statistical and/or research analysis, which is grouped and would not identify you as an individual
- Fulfilling our legal requirements eg: recording accurate and accessible health records, subpoena of records to the courts
Collection of Information
Wherever practicable we will only collect information from you personally. However, we may also need to collect information from other sources such as treating specialists, radiologists, pathologists, hospitals and other health care providers and the MyHealth Record system.
We collect information in various ways, such as over the phone or in writing or in person at our practice. This information may be collected by medical and non-medical staff. In emergency situations we may also need to collect information from your relatives or friends if you are unable to give consent, for example, unconscious or injured.
If you are under the age of 14 your information will be obtained from your parent and/or guardian.
What If Personal Information Is Not Provided?
We only collect information relevant to your medical care. If you do not provide the requested information, we might not be able to provide adequate treatment for you.
Will My Information Be Disclosed To Others?
We will treat your personal information as strictly private and confidential. We will only use or disclose it for purposes directly related to your care and treatment, or in ways that you would reasonably expect that we may use it for your ongoing care and treatment. For example, the disclosure of blood test results to your specialist or requests for x-rays.
There are circumstances where we may be permitted or required by law to disclose your personal information to third parties. For example, to Medicare, Police, insurers, solicitors, government regulatory bodies, tribunals, courts of law, hospitals, or debt collection agents.
We may disclose information about you to outside contractors to carry out activities on our behalf, such as an IT service provider, solicitor or debt collection agent. We impose security and confidentiality requirements on how they handle your personal information. Outside contractors are required not to use information about you for any purpose except for those activities we have asked them to perform.
We will take reasonable steps to ensure that your personal information is accurate, compete, up to date and relevant. For this purpose our staff may ask you to confirm that your contact details are correct when you attend a consultation. We request that you let us know if any of the information we hold about you is incorrect or out of date.
Will my Information Be Used in Research?
When our doctors perform clinical audits for continuing professional development and research patients are provided the opportunity individually to consent or decline to participate. Our practice only supports research that has Human Research Ethics Committee (HREC) approval in line with National Health and Medical Research Council (NHRMC) guidelines.
Confidentiality
We use secure electronic records to ensure that your information is kept safe and confidential. Patient records are only accessed by doctors and staff in relation to your medical management or practice staff for clerical purposes. Staff are trained in and adhere to general practice ethics of confidentiality.
Personal information that we hold is protected by:
- Securing our premises
- Placing passwords and varying access levels on databases to limit access and protect electronic information from unauthorised interference, access, modification and disclosure
- Providing locked rooms for the storage of physical records.
- Contract with commercial Confidential Waste Service for destruction of medical records
What to Do If You Think We Have Made an Error
If you believe your records may be not be accurate, complete or up-to-date, or contain incorrect information you may address your complaint to your GP or to the Manager in writing. Our objective is to respond to any complaint promptly.
How Do I Get Access To My Personal Information?
You are entitled to request access to your medical records. We request that you put your request in writing and we will respond to it within a reasonable time.
There will be a fee for the administrative costs of retrieving and providing you with copies of your medical records.
We may deny access to your medical records in certain circumstances permitted by law, for example, if disclosure may cause a serious threat to your health or safety. We will always tell you why access is denied and the options you have to respond to our decision.
Resolution of Privacy Concerns or Complaints
If you have a complaint about the privacy of your personal information, we request that you contact the Manager in writing. Upon receipt of a complaint we will consider the details and attempt to resolve it in accordance with our complaints handling procedures.
If you are dissatisfied with our handling of a complaint or the outcome you may make an application to the Australian Information Commissioner or the Privacy Commissioner in your State or Territory.
We will not transfer your personal information to an overseas recipient unless we have your consent or we are required to do so by law.
How Long Do You Keep My Personal Information?
Legally we are required to retain health information records for a minimum of 7 years after your last visit to our practice or for a child 7 years after the last consultation or 7 years after turning18 years of age.
Resolution of Privacy Concerns
If you are concerned about a possible interference with your privacy, you should contact the Manager. If your concerns are not resolved to your satisfaction, the matter can be referred to the Information and Privacy Commission NSW (IPC – 1800 472 679) or Office of the Australian Information Commissioner (OAIC – 1300 363 992).
Please direct any queries, complaints, requests for access to medical records please contact the practice.