Privacy Policy


Introduction


This Privacy Policy is to provide information to you, our patient, on how your personal information is collected used and stored within our practice, and the circumstances in which we may share it with third parties.

All personal information collected in the course of providing a health service is considered health information. Health information is ‘sensitive information’ which means there are stricter requirements when handling this information.


Why and when your consent is necessary


When you register as a patient of our practice, you provide consent for our doctors and practice staff to access and use your personal information so they can provide you with the best possible healthcare.

Only staff who need to see your personal information will have access to it. If we need to use your information for anything else, we will seek additional consent from you to do this.


Why do we collect, use, hold and share your personal information?


Our practice will need to collect your personal information to provide healthcare services to you. Our main purpose for collecting, using, holding and sharing your personal information is to manage your health.

We also use it for directly related business activities, such as financial claims and payments, practice audits and accreditation, and business processes (e.g. staff training and business improvement).


What personal information do we collect?


The information we will collect about you includes:

  • Names, date of birth, addresses, contact details,
  • Medical information including medical history, medications, genetic information, allergies, adverse events, immunisations, social history, family history and risk factors,
  • Billing information and Medicare number (where available) for identification and claiming purposes,
  • Healthcare identifiers,
  • Health fund details.


What happens if we do not collect your personal information


If you do not provide us with all the personal information we request, our doctors may not be able to provide optimal services to you. We only collect as much personal information from you as our doctors need to provide you with services and to allow us to obtain payment for services rendered.

 

 

Dealing with us anonymously


You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals.


How do we collect your personal information?


Our practice will collect your personal information:

·        When you make your first appointment our practice staff will collect your personal and demographic information via your registration.

·        During the course of providing medical services, we ask for verification by using the three approved identifiers (e.g. Full name, date of birth and address) at each appointment, communication over the telephone or electronically.

·        Information can also be collected through electronic transfer of prescriptions (eTP), My Health Record via Shared Health Summary or Event Summary.

·        We may also collect your personal information when you visit our website, send us an email,

·        Telephone us and make an online appointment or communicate with us using social media.

·        In some circumstances personal information may also be collected from other sources. This is because it is not practical or reasonable to collect it from you directly. This may include information from:

o  Your guardian or responsible person

o  Other involved healthcare providers, such as specialists, allied health professionals, hospitals, community health services and pathology and diagnostic imaging services

o  Your health fund, Medicare, or the Department of Veteran's Affairs (as necessary).

·        Photos and medical images: These can be taken using personal devices for medical purposes, following the guidelines outlined in our guide on using personal devices for medical images, patient consent will always be obtained prior to collecting and image removed once uploaded or attached to the file.

·        SMS reminders are through HotDoc platform, HotDoc states patient data is encrypted in transit and at rest, will only be shared with third parties for the purpose of providing service, and patients can opt-out of marketing SMS messages.


Providing your information to other doctors/healthcare professionals

 

The doctor(s) in this practice respect your right to decide how your personal health information is used or disclosed (for example to other doctors). In all but exceptional circumstances, personal information that identifies you will be sent to other people only with your consent. Gaining your consent is the guiding principle. The doctor will discuss with you, at the time, any disclosure including through referrals, Electronic Transfer Prescriptions (eTP), MyHealth Record/PCEHR system (e.g. via Shared Health Summary, Event Summary).

 

In this practice, our doctors only access their own patients unless they are looking after another doctor’s patients whilst on leave.  If you have any concerns about other doctors at this practice being able to see your records discuss your concerns with your doctor.


It is important that other people involved in your care, such as other doctors or health professionals, are informed of relevant parts of your medical history so they can best care for you. If you have any concerns about this discuss them with your doctor.


All employees of this clinic are bound by confidentiality agreements. Our doctors/nursing team will only access medical files of patients that they are treating. Our administration team will only access your file to add correspondence. Accounts team will only access the financial history.


Providing your information to others


Your doctor will not disclose your personal health information to a third party unless:

·        you have consented to the disclosure: or

·        this disclosure is necessary because you are at risk of harm without treatment and you are unable to give consent - for example you might be unconscious after an accident; or

·        your doctor is legally obliged to disclose the information (e.g., notification of certain infectious diseases or suspected child abuse, or a subpoena or court order); or

·        the information is necessary to obtain Medicare payments or other health insurance rebates; or

·        there is an overriding public health and safety interest in the release of the information.

There are times when disclosure is necessary for the doctors in the practice to carry out a review of their practice for the purpose of improving the quality of care provided and the activity has been approved under Commonwealth or State legislation. This provides safeguards to protect the confidentiality of the information provided.


In any of the above cases only information which is necessary to achieve the objective will be provided.


Any third-party providers required to provide services to the practice (e.g. IT), have confidentiality agreements. They will have access which is strictly limited to only that which is necessary to provide their service.


Our practice will not use your personal information for marketing any of our goods or services directly to you without your express consent. If you do consent, you may opt-out of direct marketing at any time by notifying our practice in writing.


We do not share your personal information with anyone outside Australia (unless under exceptional circumstances that are permitted by law) without your consent.


How do we store and protect your personal information?

 

Your personal information may be stored at our practice in various forms. - Electronic records, paper records and visual i.e. X rays CT scans, photos our practice stores all personal information securely.


All our electronic records are protected in our information system with password authority, and the best available firewall security as advised by our IT consultant. Any hard copies are stored within a locked and security monitored building. All staff and contractors have confidentially agreements in place.


We are subject to a range of rules relating to the periods for which health information and records must be retained.

We must retain health information about an individual:

·        For at least 7 years from the last occasion on which we provided a health service to the patient – if we collected the information when the patient was 18 years old or older: or

·        At least until the individual turns 25 – if we collected the information when the patient was less than 18 years old.


How is your information used to improve


The practice may use your personal information to improve the quality of the services offered to patients through research, analysis of patient data for quality improvement and for training activities with the practice team

We may provide de-identified data to other organisations to improve population health outcomes. If we provide this information to other organisations patients cannot be identified from the information we share, the information is secure and is stored within Australia. You can let reception staff know if you do not want your de-identified information included.

At times, general practices are approached by research teams to recruit eligible patients into specific studies which require access to identifiable information. You may be approached by a member of our practice team to participate in research. Researchers will not approach you directly without your express consent having been provided to the practice. If you provide consent, you would then receive specific information on the research project and how your personal health information will be used, at which point you can decide to participate or not participate in the research project.


How are document automation technologies used?


Document automation is where systems use existing data to generate electronic documents relating to medical conditions and healthcare. 

The practice uses document automation technologies to create documents such as referrals, which are sent to other healthcare providers. These documents contain only your relevant medical information.

These document automation technologies are used through secure medical software Healthlink.

All users of the medical software have their own unique user credentials and password and can only access information that is relevant to their role in the practice team.

The practice complies with the Australian privacy legislation and APPs to protect your information.

All data, both electronic and paper are stored and managed in accordance with the Royal Australian College of General Practitioners Privacy and managing health information guidance.


How are Artificial Intelligence (Ai) Scribes used?


The practice uses an AI scribe tool to support GPs take notes during their consultations with you. The AI scribe uses an audio recording of your consultation to generate a clinical note for your health record. The practice AI scribe service is Heidi.

Heidi:

·        does/does not share information outside of Australia

·        destroys/stores the audio file once the transcription is complete.

·        removes/retains sensitive, personal identifying information as part of the transcription 

The practice will only use data from our digital scribe service to provide healthcare to you.


How can you access and correct your personal information at our practice?


You have the right to request access to, and correction of, your personal information. Our practice acknowledges patients may request access to their medical records. We require you to put this request in writing and our practice will respond within 30 days. A fee may be incurred for recovery, inspection, collating, copying, postage and recovery off site if applicable.

Our practice will take reasonable steps to correct your personal information where the information is:

·        Not accurate or up to date.

·        We will ask you to verify your personal information held by our practice is correct and up to date. You may also request that we correct or update your information, and you should make such requests in writing to the Practice or emailed to The Practice Manager at pm@mtbarkerbalhannahmedical.com.au


Notifiable data breaches


We are required to notify the Office of the Australian Information Commissioner about eligible data breaches. A data response team has been established to assess, take remedial action and report where required a suspected breach.


How can you lodge a privacy related complaint, and how will the complaint be handled at our practice?


We take complaints and concerns regarding privacy seriously. You should express any privacy concerns you may have in writing or email to The Practice Manager at pm@mtbarkerbalhannahmedicalclinics.com.au 

We will then attempt to resolve it in accordance with our resolution procedure and within a reasonable time frame not exceeding 30 days.

You may also contact the Office of the Australian Information Commissioner (OAIC). Generally, the OAIC will require you to have contacted Mt Barker & Balhannah Medical Clinics and given us time to respond, before they investigate.

For further information visit

 www.oaic.gov.au

 or call the OAIC on 1300 363 992.


Privacy and our website


All of the above privacy policy applies via interaction on our website


Policy review statement


This Privacy policy is reviewed regularly to ensure it is in accordance with any changes that may occur. Notification of any substantive amendments to this policy will appear on our website as well as notification within our waiting room area.