Last Updated: 1 July 2017
We value your privacy and wish to protect your personal information. As we are committed to best practice in relation to the management of personal information we collect, we have developed this policy to protect your privacy. This policy is to inform you how personal information is collected and used within our practice, and the circumstances in which we may share it with third parties.
Collection and use of Personal Information
When do we get your consent?
When you first attend our practice as a patient you are asked to fill out forms which give us basic information about you and provide consent for our doctors, sonographers, employees and consultants to use your personal information. We also collect personal information about you in consultations, from referring doctors and other things parties. We will always try and obtain information from you directly but this may not always be practical (e.g. when you do not have the information).
Why we need your information?
We need to collect your personal information in order to provide the best quality healthcare services to you. Without all your information, we may not be able to provide the same standard of care.
Our main purpose for collecting, using, holding and sharing your personal information is to manage your healthcare. In order to manage your healthcare we may have to collect and disclose your information with treating doctors, referrers, hospitals, service providers (e.g. those that provide pathology or testing services) and administrative staff at our practice. We also use it for related business activities, such as complying with our legal obligations (which may include notification of communicable diseases), financial claims and payments, practice audits and accreditation, and business processes (e.g. staff training).
Can you deal with us anonymously?
The Australian law generally allows individuals to deal with third parties anonymously or under a pseudonym, unless it is impracticable or the law otherwise allows the third party to only deal with identified individuals.
It would be impractical for us to deal with patients on an anonymous basis or under a pseudonym, as it would prevent us from communicating with other medical professionals involved in your care and there is a risk that we would not be able to contact you in the case of an emergency. Also, because we are required to interact with Medicare, keep accurate records, provide medical reports, and ensure reliable payment we will not be able to deal with you on an anonymous basis. If requested, we will verbally address you by a pseudonym, however our records will need to use the name under which you are known to Medicare.
Kinds of personal information we collect
The information we may collect and maintain about you includes but is not limited to:
- your name, date of birth, addresses, contact details;
- medical information, including medical history, past and present medications prescribed to you, allergies, adverse events, immunisations, social history, family history and risk factors;
- Medicare number (where available) for identification and claiming purposes;
- healthcare identifiers and health fund details;
- referrals to and from other health service providers; and
- treatment, screens, medical service outcomes, results and reports.
The documents and records in relation to the above remain our property at all times. However, you have a right to access our records as set out below.
How do we collect personal information?
We will generally collect personal information from:
- you directly when you provide us with your details;
- a person responsible for you; or
- third parties where the Privacy Act 1988 or other laws allow (e.g. other health care providers, your health fund, the Department of Veteran’s Affairs or diagnostic imaging services).
As outlined above, when you first attend our practice we collect personal information from you.
We may also collect personal information when you visit our website, send us an email or SMS, telephone us or make an appointment online. We may also collect further information during the provision of medical services, for example, where your doctor takes notes during a consultation.
How do we hold personal information?
Your personal information may be stored at our practice in various forms, including paper records, electronic records, visual records, and audio recordings. For example, if you come in for an appointment and your Doctor takes a scan, the Doctor may record notes of the appointment in a Dictaphone, in hand written notes, or make notes on your electronic file. The scans will also be recorded on the electronic file.
We also ensure the following for electronic records:
- that electronic records are stored securely as our system allows with a username and password to login, and will only be accessible by staff of this practice;
- backup tapes or other media will be stored securely or destroyed;
- anti-virus software will be present on all computers with automatic updates;
- confidential information will not be sent by email unless encrypted;
- all emails will be sent with a confidentiality and privilege notice; and
- IT equipment will be stored in secure private areas of practice.
We also ensure the following for physical records:
- current physical records will be stored securely in cabinets, which require a key to open and are only accessible by staff of this practice; and
- older physical records will be stored in a building with security measures in place.
Disclosure of Personal Information
Ordinarily we will not release the contents of your medical file without your consent. The Privacy Consent form you have signed allows us to disclose information to the following entities and people:
- others involved in your health care, including your referring General Practitioner (GP) or other referring service provider, pathology clinics, and specialists outside this medical practice.
This may occur through referral to other doctors, or in the reports or results returned to us following the referrals;
- other doctors practicing at QUFW, including locums and Registrars;
- our subsidiary and associated entities, including any businesses we engage to assist in running our practice;
- entities that your doctor works for in addition to us;
- any new medical practice where your treating doctor transfers or moves to in the future; and
- external contractors (e.g. IT Contractors), but only where those contractors are accessing our records generally to help us with any issues we are having.
Despite this, there may be occasions where the law will require us to release the details of your file irrespective of whether you consent to the disclosure of the information is given. This includes where:
- there is a serious threat to an individual’s life, health and safety;
- there is suspected unlawful activity;
- there is a specific requirement by law, for example, when served with a subpoena or other court order;
- reasonably necessary for a range of functions or activities carried out by or on behalf of a law enforcement body;
- you are physically or legally incapable of giving consent and the disclosure to a person responsible for you is necessary to provide appropriate health care or treatment or for compassionate reasons and this is not contrary to any prior wish or wish that the responsible person is aware.
Our practice will not use your personal information for marketing any of our goods or services directly to you without your express consent. If you do consent, you may opt-out of direct marketing at any time by notifying our practice in writing. We will never sell your information to anyone else.
Are we likely to disclose personal information to overseas recipients?
We do not intend to disclose your personal information to overseas recipients. However, at times we may use secure cloud storage services that may have servers located overseas.
We will only disclose information to overseas recipients if we have received your written authorisation and consent. If you want to give us written authority and consent to disclose your information to an overseas recipient please contact reception or the Practice Manager using the details provided below, and we will provide you with the relevant form to complete.
Access and Correction of Personal information
How can you access your personal information?
Subject to the Privacy Act 1988, you can request access and correction of personal information which we hold about you.
If you want to give request access to your personal information, please contact reception or the Practice Manager (using the details provided below) and we will provide you with the relevant form to complete. We will use our best endeavors to respond to your request within 30 days.
We may not be able to provide you with all the personal information you have requested because we need to consider if there may be a risk of physical or mental harm to you or any other person that may result from disclosure of your information. Accordingly, we may give you access to the records after we have removed any information that will affect the privacy of other individuals.
You will not be charged for making a request, but we may charge you for the costs of complying with the request. Depending on what is involved, you may be asked to contribute to the cost of providing the information. If a fee will be charged for providing access, you will be advised of the approximate cost in advance.
How can you correct your personal information?
Our practice will take reasonable steps to ensure your personal information is kept accurate and up to date. From time to time we will ask you to verify that your personal information held by our practice is correct and up to date. You may also request that we correct or update your information, and you should make such requests in writing to the Practice Manager (using the details set out below).
If we refuse a request to correct information, we will:
- provide you with notice in writing setting out the reasons for the refusal and setting out the mechanisms available to you to complain about the refusal; and
- note your request on the file.
We will not charge you for the costs of making a request for correction or for the costs of correcting the personal information.
We will use our best endeavours to respond to your request within 30 days.
Our website may, at times, utilise “cookies” which allow us to monitor our web traffic. Generally, a cookie does not identify you personally but may identify your internet service provider and IP address. We extend the same privacy protection to personal information gathered from our website to that gathered from other sources.
Our website may, at times, contain links to other third party websites. Any access to and use of such websites is not governed by this Policy, but is governed by the privacy policies of those third party websites. We are not responsible for the information practices of third party websites.
If you have any queries about this policy, your rights about access and correction of personal information, or any privacy concerns, please contact us using the details set out below:
Telephone: (07) 3831 1777
Address: Level 1, 55 Little Edward St, Spring Hill Qld 4000
Please address your correspondence to the attention of the Practice Manager and mark it “private and confidential: privacy”.
How can you make a privacy related complaint?
We take complaints and concerns regarding privacy seriously. We ask that you advise us of any privacy concerns you may have in writing. Please direct any questions or complaints to the Practice Manager using the postal address or email address listed above. We will then attempt to resolve it in accordance with our resolution procedure.
Any complaint will be thoroughly investigated by us and you will be notified of the making of any decision in relation to your complaint as soon as is practicable after it has been made, usually within 30 days.
If we are unable to resolve your complaint you may also contact the Office of the Australian Information Commissioner (OAIC). The OAIC will generally require you to give us time to respond before they will investigate. For further information visit www.oaic.gov.au or call the OAIC on 1300 336 002.
Updates to this Policy
This policy will be reviewed from time to time to take into account new laws and technology, changes to our operations and other necessary developments. When this policy is updated we will publish the updated policy on our website and place a notice at reception advising patients of the updated policy for 3 months after the change.