Privacy Policy

Health Records and Information Privacy Act 2002 (NSW) and the Privacy Act 1988 (Cth).
Reviewed 31st October 2022

Introduction

This privacy policy is to provide information to you, our patient, on how your personal information (which includes your health information) is collected and used within our practice, and the circumstances in which we may share it with third parties.

Why and when your consent is necessary

When you register as a patient of our practice, you provide consent for our GPs and practice staff to access and use your personal information so they can provide you with the best possible healthcare. Only staff who need to see your personal information will have access to it. If we need to use your information for anything else, we will seek additional consent from you to do this.

Why do we collect, use, hold and share your personal information?

Our practice will need to collect your personal information to provide healthcare services to you. Our main purpose for collecting, using, holding and sharing your personal information is to manage your health. We also use it for directly related business activities, such as financial claims and payments, practice audits and accreditation, and business processes (e.g. staff training).

Kinds of personal information we collect

Information we collect about you includes:

• Personal details (your name, address, date of birth, contact details, race, sex, gender or religion, Medicare number, healthcare identifier, health fund details);

• Your medical information including medical history, medications, allergies, adverse reactions, immunisations, social history, family history, risk factors, diagnostic results and reports.

How we collect personal information

The information held about you is provided either directly by you (via phone, in person, by letter or email) or a person responsible for you or from third parties which may include, but is not limited to: other members of your treating team, diagnostic centres, specialists, hospitals, My Health Record, electronic prescription services, Medicare, your health insurer and the Pharmaceutical Benefits Scheme.

Why we collect, hold and share your personal information

We collect, hold, use and disclose your personal information for the following purposes:

• To provide health services to you,

• To communicate with you in relation to the health service being provided,

• For consultations with other doctors and allied health professionals involved in your healthcare,

• To help us manage our accounts and administrative services,

• To obtain, analyse and discuss test results from diagnostic and pathology laboratories,

• To comply with our legal obligations, including, but not limited to court subpoenas, mandatory notification of communicable diseases or mandatory reporting under applicable child protection legislation,

• To upload to or download from your My Health Record,

• To electronically transfer prescriptions, and

• To liaise with your health fund, government and regulatory bodies, such as Medicare, the Department of Veteran’s Affairs and the Office of the Australian Information Commissioner (OAIC) as necessary.

• Our practice may use your personal information to improve the quality of the services we offer to our patients through analysis of our patient data.

• We may provide de-identified data to other organisations to improve population health outcomes. The information is secure, patients cannot be identified and the information is stored within Australia. You can let our reception staff know if you do not want your information included.

Quality of personal information

We take all reasonable steps to ensure personal information collected, used or disclosed is accurate, up-to-date, complete and relevant.

Overseas Disclosure

We will not share your personal information with anyone outside Australia (unless under exceptional circumstances that are permitted by law) without your consent.

Direct marketing

The practice does not engage in direct marketing.

Anonymity and pseudonyms

The Privacy Act provides that individuals must have the option of not identifying themselves or of using a pseudonym except where it is impracticable. In medical practices, it is impracticable to deal with patients anonymously or via a pseudonym.

Access to and correction of personal information

You have rights of access to and correction of any information we hold concerning you. Should you wish to access or correct this information please ask our reception staff for details on how to do so. We will normally respond to your request within 30 days. The practice may charge fees to cover time and administrative costs which may not be covered by a Medicare rebate.

Storage and Security of personal information

Your medical file is handled with the utmost respect for your privacy. All personal information is stored securely on an onsite server with firewall and virus protection. Backups are done daily, taken off site and restored regularly. Electronic communication is via encrypted email unless explicit consent is obtained to use unencrypted email. Our staff members are bound by strict confidentiality requirements. Strict secure storage policies are observed in this practice. All reasonable steps are taken to protect information held from misuse, loss and unauthorised access, modification or disclosure. Your electronic personal information is accessible only by staff of this practice and is protected by strong passwords.

Website

We do not collect personal information about you when you use our website.

Our website contains links to third-party websites that are governed by their own terms of use (including privacy policies). We advise that you satisfy yourself of the personal information handling policies of these before making use of them.

We use HotDoc, a third party provider, to remind you of appointments, recalls and results. HotDoc needs to store your name and date of birth to be able to do this. You may opt out of this on the HotDoc app or by phoning our surgery.

Policy review statement

This privacy policy will be reviewed regularly to ensure it is in accordance with any changes that may occur. Amendments will be published on our website.

Questions or complaints

We take complaints and concerns regarding privacy seriously. You should express any privacy concerns you may have in writing to Dr John Carmody. We will make our best endeavor to address complaints within 30 days of receipt of your complaint. Should you be unsatisfied with our response to your privacy complaint, you may lodge a written complaint with the NSW Privacy Commissioner Ph: 1800 472 679 or the Office of the Australian Information Commissioner www.oaic.gov.au GPO Box 5218 Sydney NSW 2001 Ph: 1300 363 992.