PRIVACY DISCLOSURE STATEMENT
Introduction
The purpose of this document is to outline how we comply with our privacy obligations as required under the Privacy Act 1988 and, in particular, the National Privacy Principles set out in that Act.
We will make this privacy policy available to anyone who asks for it.
Our practice is committed to best practice in relation to the management of the information we collect. This practice has developed a policy to protect patient privacy in compliance with privacy legislation. Our policy is to inform you of:
- The kinds of personal information that we collect and hold
- How we collect and hold personal information
- The purposes for which we collect, hold, use and disclose personal information
- How you may access your personal information and seek the correction of that information
- How you may complain about breech of the Australian Privacy Principles and how we will deal with such a complaint
- Whether we are likely to disclose personal information to overseas recipients
- Internet site Privacy Policy
A high level of trust and confidentiality is required to ensure the confidence of the clients we service. We aim to ensure that your privacy will be protected when accessing our services or visiting our premises.
Collection, use and disclosure of personal information
We recognize that the personal information we collect is often of a highly sensitive nature. We have adopted the highest privacy compliance standards to ensure such information is protected.
We may collect personal information (including personal, sensitive and health information) regarding patients for the purpose of providing health services and treatment, and other social and community support services to our clients. Information collected may generally include:
- Your name, address, telephone number and Medicare, DVA number, pension or health care number, or private health insurance details
- Current treatments and drugs used by you, if necessary, that may affect the services we provide to you;
- Previous and current medical history, that may affect the services we provide to you, including any relevant family medical history;
- The name of any health service provider, medical specialist, government agency or other organisation to whom we may need to refer you, including in reports or other information provided by these organisations or agencies
We may collect personal information about you:
- Directly from you;
- From a personal responsible for you
- From third parties where the Privacy Act or other law allows it
- From some other person, organisation or agency on your behalf with your consent; or
- From a health service provider who refers you to us or to whom we refer you from time to time.
Where we collect personal information about you from another person, we will take reasonable steps to ensure you are aware of the reason why the information is being collected, how it will be used, and the names of any organisations or agencies to which we might disclose the information.
Personal information collected by us may be used or disclosed:
In general, we may collect, hold use, and disclose your personal information for the following purposes:
- To provide health services to you
- To communicate with you to comply with our legal obligation which may include mandatory notification to the relevant authority i.e. subpoena
- To help us manage our accounts and administrative services
- As required to refer you to a health service provider or specialist, if necessary, or to advocate on your behalf with government agencies and organisations to obtain other support services and benefits for you;
- For in-house marketing via mail or email, however you may opt out at any time
If you do not provide the personal information requested, we may not be able to provide you with the best treatment and services needed to assist you.
We may use personal information about you for direct marketing purposes – sending in-house newsletter or specific marketing related to services we provide within the practice. However you may opt out at any time.
Do we disclose your personal information overseas?
We may disclose your personal information to the following oversea recipients:
- Any practice or individual who assists us in providing services (such as where you have come from overseas and had your health record transferred from overseas ir have treatment continuing from an overseas provider)
- Anyone else towhom you authorise us to disclose it
- Anyone else where authorised by law
We will not give any of your information to marketing companies
Other people’s information which you provide to us
If you provide personal information to us about someone else (such as a family member, close friend, personal carer or medical service provider) you must ensure that you are entitled to disclose that personal information to us.
You should take reasonable steps to ensure that the individual concerned is aware of the various matters detailed in this policy, including our identity, how to contact us, our purposes for collecting the information, our information disclosure practices, the individual’s right to obtain access to the information and to have it corrected, and the consequences for the individual if the information is not provided.
Security and storage of personal information
We will use all reasonable endeavors to ensure that health information about you is protected from misuse, loss, and unauthorized access, modification or disclosure, other than in accordance with this policy or the Privacy Act 1988.
Your personal information may be stored either in hard copy or electronic form in our files and/or IT systems.
We keep health information for a minimum of 7 years from the date of last entry in our records (unless the patient was a child in which case the record must be kept until the patient attains or would have attained 25 years of age). This is because we may be required to maintain such records under some laws.
We take extra precautions to ensure the security of health and sensitive information held in our records due to the sensitive nature of the information collected by us to provide our services.
All staff members within the clinic are aware of the privacy standards to which we behold them and will also uphold these.
Our records in hard copy are stored in a locked room, which is only accessible to staff members. The actual site of our offices is alarmed and securely monitored. Electronic information is stored via a secure web based system that is routinely backed-up.
Gaining access to information we hold about you
We will, on request, provide you with access to the personal information we hold about you unless there is an exception which applies under the Privacy Act 1988, such as where we have a legal duty not to disclose the information or where it may be harmful to you to do so.
Your request to obtain access to your information will be dealt with in a reasonable time. We may recover from you our reasonable costs of providing you with access.
If we refuse to provide you with access to the information, we will provide you with reasons for the refusal and inform you of any exceptions relied on under the Privacy Act 1988.
Keeping your personal information up to date
We take reasonable steps to ensure your personal information is accurate, complete and up to date whenever we collect or use it.
If you think any of the personal information we hold about you is inaccurate, incomplete or out of date, please contact us and, if we agree, we will take reasonable steps to correct the information or, if necessary, discuss alternative options that may be available to you.
Internet site privacy policies
We may collect contact information (such as e-mail addresses) for you and other individuals via our internet site.
Unless you object, by using our internet site you consent to us using your personal information collected:
to monitor who is accessing the internet site or using services offered on the internet site; and
to profile the type of people accessing the internet site.
We utilise “cookies” which enable us to monitor traffic patterns and to serve you more efficiently if you revisit the site. A cookie does not identify you personally but it does identify your computer. You can set your browser to notify you when you receive a cookie and this will provide you with an opportunity to either accept or reject it in each instance.
We may preserve the content of any e-mail you send us if we believe we have a legal requirement to do so or are otherwise permitted to do so under the Privacy Act.
By using our internet site you consent to your e-mail message content being monitored by us for trouble-shooting or maintenance purposes or if any form of e-mail abuse is suspected.
Personal information which we collect may be aggregated for analysis but in such circumstances we would ensure that individuals remain anonymous.
How to Make a Complaint
We will take reasonable steps to protect the security of your information and comply with our legal obligations., Our staff are trained and required to respect your privacy. We take reasonable steps to protect your information held from misuse, loss and unauthorised access, modification or disclosure.
If you have any questions about privacy related issues – or wish to complain about a breach of the Australian Privacy Principles or the handling of your personal information by us, please contact our Privacy Officer.
How to contact us regarding privacy issues
If you wish to complain to us about a breach of your privacy, access your own personal information held by us, correct any information held by us concerning your own personal information or find out more about how we deal with personal information, please contact:
The Privacy Officer
Yvette Copling