Our practice is committed to best practice in relation to the management of information we collect. This practice has developed a policy to protect patient privacy in compliance with the Privacy Act 1988 (Cth) (‘the Privacy Act’). Our policy is to inform you of:
- the kinds of information that we collect and hold, which, as a medical practice, is likely to be ‘health information’ for the purposes of the Privacy Act;
- how we collect and hold personal information;
- the purposes for which we collect, hold, use and disclose personal information;
- how you may access your personal information and seek the correction of that information;
- how you may complain about a breach of the Australian Privacy Principles and how we will deal with such a complaint;
- whether we are likely to disclose personal information to overseas recipients.
- What kinds of personal information do we collect?
The type of information we may collect, and hold includes:
- Your name, address, date of birth, email and contact details;
- Medicare number, DVA number and other government identifiers, although we will not use these for the purposes of identifying you in our practice;
- Other health information about you, including:
- notes of your symptoms or diagnosis and the treatment given to you;
- your doctor, specialist and therapist reports and test results;
- your appointment and billing details;
- your prescriptions and other pharmaceutical purchases;
- your dental records;
- your genetic information;
- your healthcare identifier;
- any other information about your race, sexuality or religion and social circumstances when collected by a health service provider.
- How do we collect and hold personal information?
We will generally collect personal information only from you directly:
- this might be via a face to face discussion, telephone conversation, registration form or online form;
- we may also need to collect information from other third parties such as treating specialists, other members of your treating team, diagnostic centres, radiologists, pathologists, allied health therapists, hospitals and other health care providers, the My Health Record system, electronic prescription services, Medicare, your health insurer, the Pharmaceutical Benefits Scheme.
- on occasions, as in the case of an emergency, it may be necessary to collect information from a person responsible for you including carer, relative or friend.
- Why do we collect, hold, use and disclose personal information?
In general, we collect, hold, use and disclose your personal information for the following purposes:
- to provide health services to you;
- to communicate with you in relation to the health service being provided to you;
- to communicate with others where you have provided your consent for us to do so;
- to comply with our legal obligations, including, but not limited to, mandatory notification of communicable diseases or mandatory reporting under applicable child protection legislation;
- to help us manage our accounts and administrative services, including billing, arrangements with health funds, pursuing unpaid accounts, management of our ITC systems;
- for consultations with other doctors and allied health professionals involved in your healthcare;
- to obtain, analyse and discuss test results from diagnostic and pathology laboratories;
- for identification and insurance claiming;
- to liaise with your health fund, government and regulatory bodies such as Medicare, the Department of Veteran’s Affairs and the Office of the Australian Information Commissioner (OAIC) (if you make a privacy complaint to the OAIC), as necessary;
- to enable outside contractors to carry out activities on our behalf such as an IT service provider, solicitor or debt collection agent.
- How can you access and correct your personal information?
You have a right to seek access to, and correction of the personal information which we hold about you.
- If we refuse your request for access or correction, we will provide you with a written notice which sets out the reasons for the refusal and how you can complain about our refusal;
- If you believe that information held about you needs correction, you may make a correction request. If we do not agree with the corrections you have requested, we are not obliged to alter your personal information. At your request, we will associate a statement with the relevant information which puts your view that it is inaccurate, out-of-date, incomplete, irrelevant or misleading;
- We may recover our reasonable costs for giving access to your personal information.
For details on how to access and correct your health record, please contact our practice as noted below under ‘Contact Details’:
We will normally respond to your request within 30 days.
- How do we hold your personal information?
Our staff are trained and required to respect and protect your privacy. We hold your personal information in paper-based and electronic files and utilise secure cloud storage. We take stringent measures to protect information held from misuse, interference and loss and from unauthorised access, modification or disclosure. We have a broad base of security safeguards in place to protect your personal information, including that:
- All computers, devices and electronic databases incorporate strict individualised password access and virus and firewall protection procedures;
- Our medical database utilises secure cloud and server storage of encrypted data which is wholly located in Australia and is automatically updated throughout the day;
- Our practice has document retention and destruction policies;
- All staff and contractors are required to sign confidentiality agreements;
- We impose security and confidentiality requirements on how outside contractors handle your personal information. Outside contractors are required not to use information about you for any purpose except for those activities we have asked them to perform;
- Our rooms are securely locked afterhours and our premises are in a secure and monitored building.
- Communications policy
We have a policy of confirming personal identifying information when responding to telephone calls to ensure that we are talking with the right person.
Our faxes are received and sent via secure encrypted fax which is wholly Australian based and meets requirements for transmission of healthcare information.
We recognise that email can be a convenient means of communication. However, email currently poses a higher threat to confidentiality than other forms of communication. To mitigate this as much as practically possible, if you request communication via email, we will password protect these communications.
- Privacy related questions and complaints
If you have any questions about privacy-related issues or wish to complain about a breach of the Australian Privacy Principles or the handling of your personal information by us, we request that you contact us and lodge your complaint in writing to administration at Think Neuro (as below). We will normally respond to your request within 30 days.
If you are dissatisfied with our response, you may refer the matter to the Office of the Australian Information Commissioner (OAIC):
Phone: 1300 363 992
Fax: +61 2 9284 9666
Post: GPO Box 5218
Sydney NSW 2001
- Anonymity and pseudonyms
The Privacy Act provides that individuals must have the option of not identifying themselves, or of using a pseudonym, except in certain circumstances, such as where it is impracticable for us to deal with you if you have not identified yourself. We advise that it is generally impracticable to provide medical services without identifying referral, billing and Medicare information and requests for anonymity and pseudonyms are likely to be refused.
- Overseas disclosure
We do not routinely disclose personal information overseas. We may disclose your personal information to any practice or individual who assists us in providing services (such as where you have come from overseas and had your health record transferred from overseas or have treatment continuing from an overseas provider) if your provide specific consent for us to do so and it directly relates to providing for your medical care or if we are legally required to do so.
- Updates to this Policy
This Policy will be reviewed from time to time to take account of new laws and technology, changes to our operations and other necessary developments. Updates will be publicised on the practice’s website and will be available at reception and upon request. This policy was last updated on 28/12/2018.
- Privacy and websites
This policy is available on our website: www.thinkneuro.com.au
- Contact details for privacy related issues
Please direct any enquiries regarding privacy related issues to administration at Think Neuro via the following contact details:
Telephone: 07 3107 1680
Post: Suite 28 Wesley Medical Centre, 40 Chasely St, Auchenflower, QLD 4066