As at 20.04.2020
· Our practice is committed to best practice in relation to the management of information we collect. This practice has developed a policy to protect patient privacy in compliance with the Privacy Act 1988. Our policy is to inform you of:
· the kinds of information that we collect and hold, which, as a medical practice, is likely to be “health information” for the purpose of the Privacy Act;
· how we collect and hold personal information;
· the purpose for which we collect, hold, use and disclose personal information;
· how you may access your personal information and seek corrections of that information;
· how you may complain about a breach of the Australian Privacy Principles and how we will deal with such a complaint;
· Whether we are likely to disclose personal information to overseas recipients.
2. What kinds of personal information do we collect?
The type of information we may collect and hold includes:
· Your name, address, date of birth, email, contact details
· Medicare number, DVA number, pension/ concession number, health fund information
· Other health information about you, including:
o Notes of your symptoms, or diagnosis and treatment given to you
o Your specialists reports and tests results
o Your appointment and billing details
o Your prescriptions and other pharmaceutical purchases
o Your genetic information
o Your healthcare identifier
o Any other information about your race, sexuality or religion, when collected by a health service provider.
3. How do we collect and hold personal information?
We will generally collect personal information:
· From you directly when you provide your details to us. This might be via face to face discussion, telephone conversation, Tele-Health consultation via video link, completion of patient registration form, via email or website / HealthEngine enquiry.
· From a person responsible for you/ your appointments such as a guardian or NOK.
· From third parties where the Privacy Act or other law allows it- this may include but not limited to: other members of your treating team, diagnostic centres, specialists, hospitals, Healthlink, Medicare, your health insurer, Pharmaceutical Benefits scheme.
4. Why do we collect, hold, use and disclose personal information?
In general, we collect, hold, use and disclose your personal information for the following purposes:
· To provide health services to you
· To communicate with you in relation to the health service being provided to you
· To comply with our legal obligations, including, but not limited to, mandatory notification of communicable disease or mandatory reporting under applicable child protection legislation.
· To help us manage our accounts and administrative services, including billing, arrangements with health funds, pursuing unpaid accounts, transcription services and management of our IT communications systems.
· For consultations with other doctors and allied health professionals involved in your healthcare;
· To obtain, analyse and discuss test results from diagnostic and pathology laboratories
· For identification and insurance claiming
· To obtain information such as discharge summaries from hospitals utilising Healthlink.
· To liaise with your health fund, government and regulatory bodies such as Medicare, the Department of Veteran Affairs and the Office of the Australian Information Commissioner (OAIC) (if you make a privacy complaint to the OAIC), as necessary.
5. How can you access and correct your personal information?
You have a right to seek access to, and make correction of the personal information we hold about you. We require that you put any request for information in writing and our practice will respond within 30days. Please note you may be charged a fee to cover the administrative costs occurred in providing access to your information however any costs will be notified in advance.
For information on how to access and correct your records, please contact our practice as noted below under “contact details”.
6. How do we hold your personal information?
Our staff are trained and required to respect and protect your privacy. We take reasonable steps to protect information held from misuse and loss from unauthorised access, modification or disclosure. This includes:
· Holding your information in secure cloud storage which is Australian based and includes the following security measures:
o Endpoint Antivirus/Malware on all cloud servers
o Endpoint Antivirus/Malware on all desktops/laptops
o UTM Traffic scanning of all internet traffic inside the cloud
o Fully segregated multi-technology data backups
o Locked down Microsoft security policies
o Automated Patch Policy on all cloud servers
o Regular Cybersecurity Reviews
· Least privilege access methodology applied.
· Patient clinical data further secured inside an Australian designed and maintained 3rd party Practice Management Software.
· Our staff and doctors sign confidentiality agreements.
· Our practice has document destruction procedures for securely disposing of information.
7. Privacy related questions and complaints
If you have any questions about privacy related issues or wish to complain about a breach of the Australian Privacy Principles or the handling of your personal information by our practice, you may lodge your complaint in writing to our practice (see section 12 for contact details). We will normally respond to your request or complaint within 30 days.
If you are dissatisfied with our response, you may refer the matter to OAIC by calling 1300 363 992. For further information please visit www.oaic.gov.au
8. Dealing with us anonymously
The Privacy Act provides that you have the option of not identifying yourself, or of using a pseudonym except in certain circumstances such as where it is impracticable for us to deal with you. The provision of medical services is likely to be impacted, and billing via Medicare and/or Health fund claiming where applicable is likely to be impracticable. However, if you are prepared to forego using your health insurance or seeking a Medicare benefit and pay the practice directly, some medical treatments may be available, on a case by case basis.
9. Overseas disclosure
We may disclose your personal information overseas to the following recipients:
· Any practice or individual who assists our practice in providing medical care (such as where you have come form overseas and had your health record transferred from overseas or have treatment continuing from an overseas provider).
· Any practice or individual overseas as requested by yourself for the purpose of ongoing medical care. (For e.g. if you move overseas and request your health record be transferred).
· Anyone else whom you authorise us to disclose it.
Our main electronic record system is maintained within Australia. We do have very limited use of overseas services such as via our website www.wageriatricspecialists.com contact form however limited information is available for you to input and once received by our practice is kept securely.
10. Updates to this policy
This policy will be reviewed from time to time to take into account new laws and technology, changes to our operations and other necessary developments. Updates will be publicised on the practices website by way of uploading the new policy.
11. Privacy and websites
Our practice uses third party software providers including HealthEngine and Jimdo for our website www.wageriatricspecialists.com . Your privacy is of utmost importance hence the information available for you to input is kept to a minimum. Once the contact form is submitted and received by our practice the information is kept secure as per usual practice procedures for holding information.
12. Contact details for privacy related issues
For any enquiries please:
0448 648 769 / 08 9563 1838
Mailing Address: PO Box 8127, Angelo Street, South Perth WA 6151