Current as of: NOV 2022
Why and when your consent is necessary
When you register as a patient, you provide consent for your GPs and practice staff to access and use your personal information so they can provide you with the best possible healthcare. Only staff who need to see your personal information will have access to it. If your information is needed for anything else, additional consent from you will be gained.
Why is my personal information collected, used, held and shared?
Your doctor will need to collect your personal information to provide healthcare services to you. The main purpose for collecting, using, holding and sharing your personal information is to manage your health. It is also used for directly related business activities, such as financial claims and payments, practice audits and accreditation, and business processes (eg staff training).
What personal information is collected?
The information collected about you includes your:
- names, date of birth, addresses, contact details
- medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors
- Medicare number (where available) for identification and claiming purposes
- healthcare identifiers
- health fund details.
Unless it is impracticable to do so or unless we are required or authorised by law to only deal with identified individuals, you have the right to deal with the doctor anonymously or under a pseudonym.
How your personal information is collected?
Your doctor may collect your personal information in several different ways.
- When you make your first appointment staff will collect your personal and demographic information via your registration. Completion of the registration form is vital.
- During the course of providing medical services, further personal information may be collected. Information can also be collected through electronic transfer of prescriptions (eTP), My Health Record, eg via Shared Health Summary, Event Summary.
- Personal information may also be collected when you telephone us, make an online appointment or communicate with us in any way.
- In some circumstances personal information may also be collected from other sources. Often this is because it is not practical or reasonable to collect it from you directly. This may include information from:
- your guardian or responsible person
- other involved healthcare providers, such as specialists, allied health professionals, hospitals, community health services and pathology and diagnostic imaging services
- your health fund, Medicare, or the Department of Veterans’ Affairs (as necessary).
When, why and with whom is your personal information shared?
Your personal information may be shared:
- with third parties who work with in the same location as your doctor for business purposes, such as accreditation agencies or information technology providers – these third parties are required to comply with APPs and this policy
- with other healthcare providers
- when it is required or authorised by law (eg court subpoenas)
- when it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent
- to assist in locating a missing person
- to establish, exercise or defend an equitable claim
- for the purpose of confidential dispute resolution process
- when there is a statutory requirement to share certain personal information (eg some diseases require mandatory notification)
- during the course of providing medical services, through eTP, My Health Record (eg via Shared Health Summary, Event Summary).
Only people who need to access your information will be able to do so. Other than in the course of providing medical services or as otherwise described in this policy, your personal information will not be shared with any third party without your consent.
Your personal information will not be shared with anyone outside Australia (unless under exceptional circumstances that are permitted by law) without your consent.
Your personal information will not be shared for marketing any of goods or services directly to you without your express consent. If you do consent, you may opt out of direct marketing at any time by notifying your doctor in writing.
How is your personal information stored?
Your personal information may be stored in various forms. Records are stored electronically, visual records may be kept until you collect them, i.e x-rays, CT Scans, ultrasound disc.
All personal information is stored securely. All personal information is stored in Electronic format, in protected information systems or in hard copy format in a secured environment. All Doctors and staff have signed confidentiality agreements upon commencement at the clinic. All Doctors and staff are issued with a log in and password, which they are reminded to change every 3 months as per password policy. Any hard copies of information are stored in closed cupboards/offices where patients/visitors do not have access.
How can you access and correct your personal information?
You have the right to request access to, and correction of, your personal information.
The doctor acknowledges patients may request access to their medical records. You are required to put this request in writing via our Request for Personal Health Information form and someone will respond within a reasonable time. All requested are aimed to be processed within 14 days and a fee is charged as per the Health Records Act. The fee is usually 20c per page, plus Admin fee of $42.02.
All reasonable steps are taken to correct your personal information where the information is not accurate or up to date. From time to time, you will be asked to verify that your personal information is correct and current. You may also request to correct or update your information, and you should make such requests in person at the clinic.
How can you lodge a privacy-related complaint, and how will the complaint be handled?
All complaints and concerns regarding privacy are taken seriously. All doctors are independent medical consultants who have established their business at this location. Please discuss any concerns you have with your doctor, or you may ring/write to the practice manager who can follow up any problem on your behalf. You should express any privacy concerns you may have in writing. We will then attempt to resolve it in accordance with the resolution procedure.
You may also contact the OAIC. Generally, the OAIC will require you to give them time to respond before they will investigate. For further information visit www.oaic.gov.au or call the OAIC on 1300 363 992.
Office of the Health Services Commissioner Victoria – 1300 582 113