This document has been prepared to underline that Dr Maeve Hutchinson’s Medical Practice (The Practice) respects and upholds the rights to privacy protection under the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (Privacy Act), the Privacy Amendment (Notifiable Data Breaches) Act 2017 as amended, and the Victorian Health Privacy Principles (HPPs) forming part of the Health Records Act 2001 (Vic). We respect your privacy and acknowledge Our legal obligations as they apply to Our collection, use and disclosure of Personal Information.
Our practice is committed to best practice in relation to the management of information we collect.
Our policy is to inform you of:
- The kinds of information that we collect and hold, which, as a medical practice, is likely to be ‘health information’ for the purposes of the Privacy Act;
- How we collect and hold personal information;
- The purposes for which we collect, hold, use and disclose personal information;
- How you may access your personal information and seek the correction of that information;
- How you may complain about a breach of the Australian Privacy Principles and how we will deal with such a complaint;
- We do not intend to disclose personal information to overseas recipients.
For further information about your rights to privacy and your rights under privacy law, please visit the Office of the Australian Information Commissioner (OAIC) website at www.oaic.gov.au.
2. What kinds of personal information do we collect?
The type of information we may collect and hold includes:
- Your name, address, date of birth, email and contact details
- Medicare number, DVA number and other government identifiers, although we will not use these for the purposes of identifying you in our practice
- Other health information about you, including:
  - notes of your symptoms or diagnosis and the treatment given to you
  - your specialist reports and test results
  - your appointment and billing details
  - your prescriptions and other pharmaceutical purchases
  - your dental records
  - your genetic information
  - your healthcare identifier
  - any other information about your race, sexuality or religion, when collected by a health service provider.
3. How do we collect and hold personal information?
We will generally collect personal information:
- from you directly when you provide your details to us. This might be via a face to face discussion, telephone conversation, registration form or online form
- from a person responsible for you
- from third parties where the Privacy Act or other law allows it – this may include, but is not limited to: other members of your treating team, diagnostic centres, specialists, hospitals, the My Health Record system, electronic prescription services, Medicare, your health insurer, the Pharmaceutical Benefits Scheme
Information Quality
We aim to ensure the information we hold about you is accurate, complete, up to date and relevant. To this end our staff may ask you to confirm that your personal details are correct when you attend a consultation. Please let us know if any of the information we hold about you is incorrect or not up to date.
Amendment of your personal information
If you consider the information we hold about you is not correct, please contact the Practice in writing. You have the right to have any incorrect information corrected.
4. Why do we collect, hold, use and disclose personal information?
In general, we collect, hold, use and disclose your personal information for the following purposes:
- to provide health services to you
- to communicate with you in relation to the health service being provided to you
- to comply with our legal obligations, including, but not limited to, mandatory notification of communicable diseases or mandatory reporting under applicable child protection legislation
- to help us manage our accounts and administrative services, including billing, arrangements with health funds, pursuing unpaid accounts, management of our ITC systems
- for consultations with other doctors and allied health professionals involved in your healthcare
- to obtain, analyse and discuss test results from diagnostic and pathology laboratories
- for identification and insurance claiming
- to liaise with your health fund, government and regulatory bodies such as Medicare, the Department of Veterans’ Affairs and the Office of the Australian Information Commissioner (OAIC) (if you make a privacy complaint to the OAIC), as necessary.
What about use of personal information for direct marketing?
Australian privacy law limits the use of personal information for direct marketing of goods and services. We do not use your personal information for direct marketing.
5. How can you access and correct your personal information?
You have a right to seek access to, and correction of, the personal information which we hold about you. A fee is charged to cover the associated costs. The fee is charged in accordance with the schedule of fees specified in the Health Records Regulations 2008 (Vic), plus GST. This fee is not redeemable through Medicare. Please contact us (see below) if you wish to be advised of the cost.
For details on how to access and correct your health record, please contact our practice as noted below under ‘Contact Details’.
We will normally respond to your request within 30 days.
6. How do we hold your personal information?
Our staff are trained and required to respect and protect your privacy. We take reasonable steps to protect information held from misuse and loss and from unauthorised access, modification or disclosure. This includes:
- Holding your information in a lockable cabinet.
- No offshore transfer of data.
- Holding your information in secure cloud storage. This information is encrypted and strong passwords are applied. The Microsoft servers are located in Australia, complying with Australian Policy Regulations.
- The practice uses Clinic to Cloud practice software: www.clinictocloud.com/privacy-policy
- We will not transfer your Personal information that we hold to any overseas entity.
- Our staff sign confidentiality agreements, and access to personal information is restricted on a “need to know” basis.
- Our practice has document retention and destruction policies.
- Using passwords on all electronic systems and databases and varying access levels to protect electronic information from unauthorised interference, access, modification or disclosure.
7. Privacy related questions and complaints
If you have any questions about privacy-related issues or wish to complain about a breach of the Australian Privacy Principles or the handling of your personal information by us, you may lodge your complaint in writing to the practice. Questions or complaints should be addressed to the Privacy Officer: firstname.lastname@example.org. We will acknowledge receipt of your correspondence within 14 days, and normally respond to your request within 30 days of receipt.
If you are dissatisfied with our response, you may refer the matter to the OAIC:
Phone: 1300 363 992
Fax: +61 2 9284 9666
Post: GPO Box 5218 Sydney NSW 2001
Victorian Privacy Commissioner at www.privacy.vic.gov.au and/or the Victorian Health Services Commissioner at www.health.vic.gov.au.
8. Anonymity and pseudonyms
The Privacy Act provides that individuals must have the option of not identifying themselves, or of using a pseudonym, when dealing with our practice, except in certain circumstances, such as where it is impracticable for us to deal with you if you have not identified yourself. In this practice, it is largely impracticable to deal with patients anonymously or via a pseudonym. The provision of medical services is likely to be impacted, and billing via Medicare or a health insurer where applicable is likely to be impracticable.
What happens if you choose to withhold your personal information?
You are not obliged to give us your personal information. However, if you choose not to provide the Practice with the personal details requested, it may limit our ability to provide you with full service. We encourage you to discuss your concerns with our reception staff prior to your first consultation or with your doctor.
9. Overseas disclosure
We will not disclose your personal information to any overseas recipient.
10. Updates to this Policy
This Policy will be reviewed from time to time to take account of new laws and technology, changes to our operations and other necessary developments. Updates will be publicised on the practice’s website.
11. Privacy and websites
Our practice collects personal information via its website and when we interact with patients online through email and the Clinic to Cloud portal. We obtain information through the use of website analytics and cookies.
The practice website allows for patient feedback, provides links to other websites, allows for interaction with the Clinic to Cloud patient portal and allows referrals to be made online via the secure messaging Argus system.
The website content is solely for educational purposes and general information. It is not specific medical advice and may not be relevant to you and your circumstances. Please discuss your concerns with your doctor.
12. Contact details for privacy related issues
Please contact our practice privacy contact officer at:
P: (03) 8548 0325