Privacy Policy

PRIVACY POLICY

INTRODUCTION

At Ěḏen Lifestyle Centre we are committed to protecting the privacy of patient information and to handling your personal information in a responsible manner in accordance with the Privacy Act 1988 (Cth), the Privacy Amendment (Enhancing Privacy Protection) Act 2012, the Australian Privacy Principles and relevant State and Territory privacy legislation (referred to as privacy legislation).

This Privacy Policy explains how we collect, use and disclose your personal information, how you may access that information and how you may seek the correction of any information. It also explains how you may make a complaint about a breach of privacy legislation.

This Privacy Policy is current from August 2024 and is reviewed annually. From time to time we may make changes to our policy, processes and systems in relation to how we handle your personal information. We will update this Privacy Policy to reflect any changes. Those changes will be available in the entranceway to the practice.

When you register as a patient of our practice, you provide consent for our GP and practice staff to access and use your personal information so they can provide you with the best possible healthcare. Only staff who need to see your personal information will have access to it. If we need to use your information for anything else, we will seek additional consent from you to do this.

COLLECTION

Personal information collected

We collect information that is necessary and relevant to provide you with medical care and treatment, and manage our medical practice. This information may include:

• Your name, address, date of birth, gender, email, payment details (credit card and direct debit) and contact details.
• Medicare number, DVA number and other government identifiers, although we will not use these for the purposes of identifying you in our practice
• Other health information about you, including:
  • full medical history and family history
  • notes of your symptoms or diagnosis and the treatment given to you
  • your specialist reports and test results
  • your appointment and billing details
  • your prescriptions and other pharmaceutical purchases
  • your dental records
  • your genetic information
  • your healthcare identifier
  • any other information about your race, sexuality or religion, when collected by a health service provider.

This information may be stored on our computer medical records system and/or in handwritten medical records.

Dealing with us anonymously

You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals.

How we collect and hold personal information

When you make your first appointment our practice staff will collect your personal and demographic information via your registration.

Wherever practicable we will only collect information from you personally. However, we may also need to collect information from other sources such as your guardian or responsible person, treating specialists, radiologists, pathologists, hospitals, other health care providers, and eHealth services e.g. My Health Record system and electronic transfer of prescriptions (eTP).

We collect information in various ways, such as over the phone, in writing, in person in our rooms or over the internet or videoconferencing if you transact with us online or engage in telehealth. This information may be collected by medical and non-medical staff.

In emergency situations we may also need to collect information from your relatives or friends.

Why do we collect, hold, use and disclose personal information?

In general, we collect, hold, use and disclose your personal information for the following purposes:

• to provide health services to you
• to communicate with you in relation to the health service being provided to you
• to comply with our legal obligations, including, but not limited to, mandatory notification of communicable diseases or mandatory reporting under applicable child protection legislation.
• to help us manage our accounts and administrative services, including billing, arrangements with health funds, pursuing unpaid accounts, management of our ITC systems
• for consultations with other doctors and allied health professional involved in your healthcare;
• to obtain, analyse and discuss test results from diagnostic and pathology laboratories
• for identification and insurance claiming
• If you have a My Health Record, to upload your personal information to, and download your personal information from, the My Health Record system.
• Information can also be disclosed through an electronic transfer of prescriptions service.
• To liaise with your health fund, government and regulatory bodies such as Medicare, the Department of Veteran’s Affairs and the Office of the Australian Information Commissioner (OAIC) (if you make a privacy complaint to the OAIC), as necessary.
• For research and quality assurance activities to improve individual and community health care and practice management. Usually, information that does not identify you is used but should information that will identify you be required you will be informed and given the opportunity to “opt out” of any involvement.

We may be required by law to retain medical records for certain periods of time depending on your age at the time we provide services.

USE AND DISCLOSURE

We will treat your personal information as strictly private and confidential. We will only use or disclose it for purposes directly related to your care and treatment, or in ways that you would reasonably expect that we may use it for your ongoing care and treatment. For example, the disclosure of blood test results to your specialist or requests for x-rays.

There are circumstances where we may be permitted or required by law to disclose your personal information to third parties. For example, to Medicare, Police, insurers, solicitors, government regulatory bodies, tribunals, courts of law (e.g. court subpoenas), hospitals, debt collection agents, the electronic transfer of prescriptions service or to the My Health Record system. When it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent. To assist in locating a missing person. To establish, exercise or defend an equitable claim. For the purpose of confidential dispute resolution process. When there is a statutory requirement to share certain personal information (eg some diseases require mandatory notification). During the course of providing medical services, through eTP, My Health Record (eg via Shared Health Summary, Event Summary). We may also from time to time provide statistical data to third parties for research purposes.

We may disclose information about you to outside contractors to carry out activities on our behalf such as an IT service provider, solicitor or debt collection agent. We impose security and confidentiality requirements on how they handle your personal information. Outside contractors are required not to use information about you for any purpose except for those activities we have asked them to perform.

DATA QUALITY AND SECURITY

We will take reasonable steps to ensure that your personal information is accurate, complete, up-to-date and relevant. For this purpose our staff may ask you to confirm that your contact details are correct when you attend a consultation. Being able to contact you is necessary to ensure we can deliver care to you. We request that you let us know if any of the information we hold about you is incorrect or out-of-date.

Personal information that we hold is protected by:

• securing our premises;
• placing strong password protection and varying access levels on databases to limit access and protect electronic information from unauthorised interference, access, modification and disclosure;
• Making sure that only authorised staff and practitioners have access to  your health care information on computers;
• Ensuring all staff sign confidentiality agreement prior to commencing work at the Centre
• Your doctor is the only one who has full access to your information
• providing locked cabinets and rooms for the storage of physical records;
• Holding your information on an encrypted database;
• Holding your information in secure cloud storage  (you can explain whether this information is encrypted or what other security measures are taken with third party storage);
• Making sure we have sound backup systems on our computers

Where it is necessary to conduct a telehealth consultation from our doctors’ private premises they will take reasonable steps to maintain a private and secure environment to conduct such consultations.

CORRECTIONS

If you believe that the information we have about you is not accurate, complete or up to date, we ask that you contact us in writing (see details below).

ACCESS

You are entitled to request access to your medical records. We request that you put your request in writing and we will respond to it within a reasonable time.

There may be a fee for the administrative costs of retrieving and providing you with copies of your medical records.

We may deny access to your medical records in certain circumstances permitted by law, for example, if disclosure may cause a serious threat to your health or safety. We will always tell you why access is denied and the options you have to respond to our decision.

COMPLAINTS

We take complaints and concerns regarding privacy very seriously. If you have a complaint about the privacy of your personal information (including complaints about our use of the My Health Record system), we request that you contact us in writing. Upon receipt of a complaint we will consider the details and attempt to resolve it in accordance with our complaints handling procedures. We will normally respond to your request within 30 days.

If you are dissatisfied with our handling of a complaint or the outcome you may make an application to the Australian Information Commissioner or the Privacy Commissioner in your State or Territory.

OVERSEAS TRANSFER OF DATA

We will not transfer your personal information to an overseas recipient unless we have your consent or we are required to do so by law.

In the unlikely event that we may be required to disclose your information overseas, we may disclose your personal information to the following overseas recipients:

• any practice or individual who assists us in providing services (such as where you have come from overseas and had your health record transferred from overseas or have treatment continuing from an overseas provider)
• overseas transcription services
• anyone else to whom you authorise us to disclose it

UPDATES TO THIS POLICY

This Policy will be reviewed from time to time to take account of new laws and technology, changes to our operations and other necessary developments. Updates will be published and printed and a copy will be displayed in the waiting area.

CONTACT

Please direct any queries, complaints, requests for access to medical records to:

A copy of the privacy policy is found on the bookshelf in the entrance of Ěḏen Lifestyle Centre.