Privacy Policy

In complying with the Privacy Amendment (Private Sector) Act 2000, our practice explains how we collect, use and disclose personal information, how patients can access that information and how they can seek the correction of that information.

This Privacy Policy is current from October 2015. From time to time we may make changes to our policy, processes and systems in relation to how we handle personal information. We will update this Privacy Policy to reflect any changes. Our policy and any changes to our policy will be available on our website, in the practice and upon request.

Our practice collects information that is necessary and relevant to provide patients with medical care and treatment and manage our medical clinic. This information includes patient name, address, date of birth, gender, ethnicity, Medicare number, health information, family history, credit card and direct debit details (where applicable) and contact details. This information is stored on our computer medical records system. Wherever practicable information will only be collected from the patient personally. However, in some circumstances the practice may need to collect information from other sources such as treating specialists, radiologists, pathologists, hospitals and other health care providers.

Information is collected in various ways, such as over the phone or in writing, in person in our clinic or email. This information is collected by medical and non-medical staff. In emergency situations the practice may also need to collect information from relatives or friends.
The practice retains medical records for certain periods of time, as required by law, depending on the age at the time the practice provides services. Personal health information and medical records may be collected, used and disclosed for the following reasons:

  • For communicating relevant information with other treating doctors, specialists or allied health professionals
  • For follow up reminder/recall notices
  • For National/State or Territory registers (e.g. Immunisation data)
  • For State/Territory reminder systems, (e.g. cervical screening -pap smears reminders or familiar cancer registries)
  • Account/Medicare/Health Insurance ProceduresAccount/Medicare/Health Insurance Procedures
  • Quality Assurance activities such as accreditation
  • For disease notification as required by law (e.g. infectious diseases)
  • For use by all doctors, general practice nurses and allied health professionals in this group practice when consulting with you
  • For legal related disclosures as required by a court of law (e.g. subpoena, court order, suspected child abuse).
  • For research purposes (de-identified, meaning you are not able to be identified from the information given).

Our practice has systems in place to protect the privacy, security, quality and integrity of the data. The practice takes reasonable steps to ensure that personal information is accurate, complete, up to date and relevant. For this purpose staff will ask patients to confirm that their contact details are correct when they attend a consultation. Patients are advised to inform staff if the information we hold is incorrect or out of date.

Our practice ensures that our practice computers and servers comply with the RACGP computer security checklist. Personal information is protected by securing the premises, placing passwords and varying levels of access on databases and protect electronic information from unauthorised interference, access, modification and disclosure; and providing locked cabinets and rooms for the storage of physical records.

Patients are entitled to request access to their medical records only upon receipt of a signed request in writing. No patient information is to be released to a third party unless the request is made in writing and provides evidence of a signed authority to release the requested information, to either the patient directly or a third party.

A fee for the administrative costs will be charged for retrieving and providing copies of medical records. Patients may be denied access to their own medical records in certain circumstances permitted by law, for example, if disclosure may cause a serious threat to their health or safety. Patients will be informed of why access is denied and the options they have to respond to our decision. If patients have any concerns or wish to restrict access to their personal health information they are required to discuss with their doctor or the receptionist. This practice adheres to principles of the RACGP Handbook for the Management of Health Information in Private Medical Practice and has a written policy, which is available to all patients for inspection.

Complaints

If you have a complaint about the privacy of your personal information, we request that you contact us in writing. Upon receipt of a complaint, we will consider the details and attempt to resolve it in accordance with our complaints handling procedures.
If you are dissatisfied with our handling of a complaint or the outcome you may make an application to the Privacy Commissioner in your State or Territory (Privacy Hotline 1300 363 992).