Privacy Policy
Introduction
This Privacy Policy is to provide information to you, our patient, on how your personal information
(which includes your health information) is collected and used within our practice, and the circumstances in which we may share it with third parties.
All personal information collected in the course of providing a health service is considered health information. Health information is ‘sensitive information’ which means there are stricter requirements when handling this information.
Why and when your consent is necessary
When you register as a patient of our practice, you provide consent for our GPs and practice staff to access and use your personal information so they can provide you with the best possible healthcare.
Only staff who needs to see your personal information will have access to it. If we need to use your information for anything else, we will seek additional consent from you to do this.
Why do we collect, use, hold and share your personal information?
Our practice will need to collect your personal information to provide healthcare services to you. Our main purpose for collecting, using, holding and sharing your personal information is to manage your health. We also use it for directly related business activities, such as financial claims and payments, practice audits and accreditation, and business processes (e.g. staff training).
What personal information do we collect and definition of a patient’s health record?
The information, held about a patient, in paper form or electronic form, which may include:
- Names, date of birth, addresses, contact details
- Medical information including medical history, medications, genetic information, allergies, adverse events, immunisations, social history, family history and risk factors
- Billing information and Medicare number (where available) for identification and claiming purposes
- Healthcare identifiers
- Health fund details.
- notes on treatment
- observations
- correspondence
- investigations
- test results photographs
- prescription records
- medication charts
- insurance information
- legal information and reports
- work health and safety reports
What happens if we do not collect your personal information?
If you do not provide us with all the personal information we request, our doctors may not be able to provide services to you. We only collect as much personal information from you as our doctors need to provide you with services and to allow us to obtain payment on their behalf for services incurred.
Dealing with us anonymously
You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals.
How do we collect your personal information?
Our practice will collect your personal information:
- When you make your first appointment our practice staff will collect your personal and demographic information via your registration
- During the course of providing medical services, we ask for verification by using the three approved identifiers (e.g. Full name, date of birth and address) at each appointment, communication over the telephone or electronically.
- Information can also be collected through electronic transfer of prescriptions (eTP), My Health Record via Shared Health Summary or Event Summary.
- We may also collect your personal information when you visit our website, send us an email, Telephone us, and make an online appointment or communicate with us using social media.
In some circumstances personal information may also be collected from other sources. This is because it is not practical or reasonable to collect it from you directly. This may include information from:
- Your guardian or responsible person
- Other involved healthcare providers, such as specialists, allied health professionals, hospitals, community health services and pathology and diagnostic imaging services
- Your health fund, Medicare, or the Department of Veteran's Affairs (as necessary).
Providing your information to other doctor’s/healthcare professionals
The doctor(s) in this practice respect your right to decide how your personal health information is used or disclosed (for example to other doctors). In all but exceptional circumstances, personal information that identifies you will be sent to other people only with your consent. Gaining your consent is the guiding principle. The doctor will discuss with you, at the time, any disclosure including through Electronic Transfer Prescriptions (eTP), MyHealth Record/PCEHR system (e.g. via Shared Health Summary, Event Summary).
In this practice, it is customary for all doctors to have access to all the medical records. If you have any concerns about other doctors at this practice being able to see your records discuss your concerns with your doctor.
It is important that other people involved in your care, such as other doctors or health professionals, are informed of relevant parts of your medical history so they can best care for you. Our doctors use document automation technologies through Best Practice software. The referral templates are set to include only relevant medical information from your file, so the specialist, hospital or Allied Health Professional etc. receiving the referral has the necessary information for your treatment. Your doctor will let you know before this occurs. If you have any concerns about this discuss them with your doctor. You will be given a copy of this referral at the end of the consult.
All employees of this clinic are bound by confidentiality agreements.
Providing your information to others
Your doctor will not disclose your personal health information to a third party unless:
- you have consented to the disclosure: or
- this disclosure is necessary because you are at risk of harm without treatment and you are unable to give consent - for example you might be unconscious after an accident; or
- your doctor is legally obliged to disclose the information (e.g., notification of certain infectious diseases or suspected child abuse, or a subpoena or court order); or
- the information is necessary to obtain Medicare payments or other health insurance rebates; or
- there is an overriding public health and safety interest in the release of the information.
In the above cases, only information necessary to meet the requirements will be provided. Your health information will not be sent oversea by the practice or practice staff. If you require your records for overseas, a copy will be supplied (by completing the necessary form and paying the practice fee applicable) for you to take or send overseas.
There are times when disclosure is necessary for the doctors in the practice to carry out a review of their practice for the purpose of improving the quality of care provided and the activity has been approved under Commonwealth or State legislation. This provides safeguards to protect the confidentiality of the information provided.
In any of the above cases only information which is necessary to achieve the objective will be provided.
Any third party providers required to provide services to the practice (e.g. IT), will have access which is strictly limited to only that which is necessary to provide their service.
Our practice will not use your personal information for marketing any of our goods or services directly to you without your express consent. If you do consent, you may opt-out of direct marketing at any time by notifying our practice in writing.
Telehealth Appointments
The doctor will get your verbal consent and record this in your patient file every time you have a telehealth consult. A copy of your paid invoice or the Medicare bulk billing claim form will be emailed to you at the end of the consult along with any referrals, radiology or pathology requests the doctor has issued for you. Any prescriptions required will be sent separately as an email or as an eScript to your phone.
We do not do real-time audio/visual recording duplication and storage of a consultation other than for a telehealth appointment where a typed record of the consult will be entered by the doctor, on your patient file in the clinic.
How do we store and protect your personal information?
Your personal information may be stored at our practice in various forms. - Electronic records, paper records and visual i.e. X rays CT scans, photos our practice stores all personal information securely.
All our electronic records are protected in our information system with password authority, and the best available firewall security as advised by our IT consultant. Any hard copies are stored within a locked and security monitored building. All staff and contractors have confidentially agreements in place.
We are subject to a range of rules relating to the periods for which health information and records must be retained. We must retain health information about an individual:
- For at least 7 years from the last occasion on which we provided a health service to the patient – if we collected the information when the patient was 18 years old or older: or
- At least until the individual turns 25 – if we collected the information when the patient was less than 18 years old.
How can you access and correct your personal information at our practice?
You have the right to request access to, and correction of, your personal information. Our practice acknowledges patients may request access to their medical records. We require you to put this request in writing and our practice will respond within 30 days. A fee may be incurred for recovery, inspection, collating, copying, postage and recovery off site if applicable.
Our practice will take reasonable steps to correct your personal information where the information is:
- Not accurate or up-to-date. We will ask you to verify your personal information held by our practice is correct and up-to-date. You may also request that we correct or update your information, and you should make such requests in writing to the Practice or emailed to The Practice Manager - admin@mardenmedical.com.au
Notifiable data breaches
We are required to notify the Office of the Australian Information Commissioner about eligible data breaches. A data response team has been established to assess, take remedial action and report where required a suspected breach.
How can you lodge a privacy related complaint, and how will the complaint be handled at our practice?
We take complaints and concerns regarding privacy seriously. You should express any privacy concerns you may have in writing or email to The Practice Manager - admin@mardenmedica.com.au
We will then attempt to resolve it in accordance with our resolution procedure and within a reasonable time frame not exceeding 30 days.
You may also contact the Office of the Australian Information Commissioner (OAIC). Generally, the OAIC will require you to have contacted the clinic and given us time to respond, before they investigate.
For further information, visit
www.oaic.gov.au
or call the OAIC on 1300 363 992.
This Privacy policy is reviewed regularly to ensure it is in accordance with any changes that may occur. Notification of any substantive amendments to this policy will appear on our website as well as notification within our waiting room area.