Introduction
This privacy policy is to provide information to you, our patient, on how your personal information (which includes your health information) is collected and used within our practice, and the circumstances in which we may share it with third parties, how you may access that information and how you may seek the correction of any information. It also explains how you may make a complaint about a breach of privacy legislation.
We are committed to protecting the privacy of patient information and to handling your personal information in a responsible manner in accordance with the Privacy Act 1988 (Cth), the Privacy Amendment (Enhancing Privacy Protection) Act 2012, the Australian Privacy Principles (APPs) and relevant State and Territory privacy legislation (referred to as privacy legislation).
This Privacy Policy is current from 1/1/2019 and is reviewed annually. From time to time we may make changes to our policy, processes and systems in relation to how we handle your personal information. We will update this Privacy Policy to reflect any changes. Those changes will be available on our website and in the practice.
Collection
We collect information that is necessary and relevant to provide you with medical care and treatment, and manage our medical practice. This information may include your name, address, date of birth, gender, health information, family history, credit card and direct debit details and contact details. This information is stored on our computer medical records system.
Wherever practicable we will only collect information from you personally. However, we may also need to collect information from other sources such as treating specialists, radiologists, pathologists, hospitals, other health care providers, and the Myhealth record system.
We collect information in various ways, such as over the phone, or in writing, in person in our practices or over the internet if you transact with us online. This information may be collected by medical and non-medical staff. In emergency situations we may also need to collect information from your relatives or friends.
We are required by law to retain medical records for certain periods of time depending on your age at the time we provide services.
Why and when your consent is necessary
When you register as a patient of our practice, you provide consent for our GPs and practice staff to access and use your personal information so they can provide you with the best possible healthcare. Only staff who need to see your personal information will have access to it. If we need to use your information for anything else, we will seek additional consent from you to do this.
Use and Disclosure
We will treat your personal information as strictly private and confidential. We will only use or disclose it for purposes directly related to your care and treatment, or in ways that you would reasonably expect that we may use it for your ongoing care and treatment. For example, the disclosure of blood test results to your specialist or requests for x-rays. Referrals are generated from our clinical software and contain only relevant information to your healthcare needs.
There are circumstances where we may be permitted or required by law to disclose your personal information to third parties. For example, to Medicare, Police, insurers, solicitors, government regulatory bodies, tribunals, courts of law, hospitals, debt collection agents, the electronic transfer of prescriptions service or to the Myhealth record system. We may also from time to time provide statistical data to third parties for research purposes.
We may disclose information about you to outside contractors to carry out activities on our behalf such as an IT service provider, solicitor or debt collection agent. We impose security and confidentiality requirements on how they handle your personal information. Outside contractors are required not to use information about you for any purpose except for those activities we have asked them to perform.
Data Quality and Security
We will take reasonable steps to ensure that your personal information is accurate, compete, up to date and relevant. For this purpose our staff may ask you to confirm that your contact details are correct when you attend a consultation. We request that you let us know if any of the information we hold about you is incorrect or out of date.
Personal information that we hold is protected by:
- – securing our premises;
- – placing passwords and varying access levels on databases to limit access and protect electronic information from unauthorised interference, access, modification and disclosure; and
Corrections
If you believe that the information we have about you is not accurate, complete or up to date, we ask that you contact us in writing – PO Box 79, Wamuran. Qld. 4512.
Access
You are entitled to request access to your medical records. We request that you put your request in writing and we will respond to it within 30 days.
There may be a fee for the administrative costs of retrieving and providing you with copies of your medical records.
We may deny access to your medical records in certain circumstances permitted by law, for example, if disclosure may cause a serious threat to your health or safety. We will always tell you why access is denied and the options you have to respond to our decision.
Complaints
If you have a complaint about the privacy of your personal information (including complaints about our use of the Myhealth record system or breach of APPs), we request that you contact us in writing. Upon receipt of a complaint we will consider the details and attempt to resolve it in accordance with our complaints handling procedures.
If you are dissatisfied with our handling of a complaint or the outcome you may make an application to the Australian Information Commissioner or the Privacy Commissioner in your State or Territory. You may also contact The Health Rights Commission at GPO Box 3089, Brisbane, Qld. 4001 or on Phone 1800 077 308 (free call).
Patient Anonymity
A GP is required to identify patients in order to provide care in certain situations. While a patient can choose to remain anonymous, the amount of care they can then receive may be limited. As many services require patient identification to be legally provided by the GP, patient identifiers are necessary. However, when a health service can treat a patient anonymously (legally and practically), it means the health service will not retain any identifying information about the patient and, as such, the collection of patient identifiers would be unnecessary.
According to the Office of the Australian Information Commissioner (OAIC), a person has the right to remain anonymous, or to use a pseudonym, when dealing with providers. However, a provider does not have to give the option of anonymity where it is impractical to do so or they are required or authorised by law to deal with identified individuals.
Patients can only remain anonymous in consultations/services where it is both lawful and practical to do so. While the patient has a right to anonymity for health services, if they choose to remain anonymous, the GP is restricted in what level of service they can provide. There are a range of circumstances where providing services anonymously is not practical, such as:
- – a service that requires follow up (patient identification is required to get in touch with them)
- – when a multi-disciplinary team is needed to provide care
- – when medical history is needed in order to provide safe and appropriate care
- – when a patient requires access to a Medicare (MBS) or Pharmaceutical Benefits Scheme (PBS) rebate
- – services provided to staff who are also patients of the health service.
Some services, as listed above, including the provision of MBS and PBS benefits, are unlawful unless a patient is properly identified. A GP’s medico-legal advisor can provide advice on situations where lawfulness is in question.
An example of an appropriate anonymous service is a telephone service for general or referral advice or providing general assistance (for basic information or on issues such as quitting smoking or mental health).
All concerns pertaining to this clause must be addressed in writing to the CEO, David Holzgrefe at PO Box 79, Wamuran. Qld. 4512.
Overseas Transfer of Data
We will not transfer your personal information to an overseas recipient unless we have your consent or we are required to do so by law.
Contact
Please direct any queries, complaints, requests for access to medical records to the CEO – Mr David Holzgrefe, P.O. Box 79, Wamuran. Qld. 4512.
End Notes and References
- – IMS Group Code of Conduct
While every effort is made by the IMS Group to ensure information in our Code of Conduct is current and compliant with legislation at the time of writing, changes in information and related materials are subject to variation without notice.
Last Updated: 01/01/2019