We are committed to protecting the privacy of patient information and to handling your personal information in a responsible manner in accordance with the Privacy Act 1988 (Cth), the Privacy Amendment (Enhancing Privacy Protection) Act 2012, the Australian Privacy Principles and relevant State and Territory privacy legislation (referred to as privacy legislation).
When you register as a patient of our practice, you provide consent for our GPs and practice staff to access and use your personal information so they can provide you with the best possible healthcare. Only staff who need to see your personal information will have access to it. If we need to use your information for anything else, we will seek additional consent from you to do this.
We collect information that is necessary and relevant to provide you with medical care and treatment, and manage our medical practice. This information may include your name, address, date of birth, gender, health information, medicare number (where available) (for identification and claiming purposes), healthcare identifiers, medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors. family history, credit card and direct debit details and contact details. This information may be stored on our computer medical records system and/or in handwritten medical records.
Wherever practicable we will only collect information from you personally in writing or through implied consent. However, we may also need to collect information from other sources such as treating specialists, radiologists, pathologists, hospitals, other health care providers, and the My Health Record system. All patient information collected shall be used to provide a comprehensive approach to patient care.
A patient’s personal information may be held at the Practice in various forms: as paper records, as electronic records, as visual – x-rays, CT scans, videos and photos, as audio recordings.
We collect information in various ways, such as over the phone, in writing, in person in our Practicesor over the internet or videoconferencing if you transact with us online or engage in telehealth. This information may be collected by medical and non-medical staff. Administrative staff with access to your personal health information have signed confidentiality agreements.
Please advise us if your details alter so that our information is accurate and up to date.
In emergency situations we may also need to collect information from your relatives or friends.
We may be required by law to retain medical records for certain periods of time depending on your age at the time we provide services.
Use and Disclosure
We will treat your personal information as strictly private and confidential. We will only use or disclose it for purposes directly related to your care and treatment, or in ways that you would reasonably expect that we may use it for your ongoing care and treatment. For example, the disclosure of blood test results to your specialist or requests for x-rays.
There are circumstances where we may be permitted or required by law to disclose your personal information to third parties. For example, to Medicare, Police, insurers, solicitors, government regulatory bodies, tribunals, courts of law, hospitals, debt collection agents, the electronic transfer of prescriptions service or to the My Health Record system. We may also from time to time provide statistical data to third parties for research purposes.
We may disclose information about you to outside contractors to carry out activities on our behalf such as an IT service provider, solicitor or debt collection agent. We impose security and confidentiality requirements on how they handle your personal information. Outside contractors are required not to use information about you for any purpose except for those activities we have asked them to perform. When patients move to another medical practice, we will support continuity of care by preparing a relevant summary of your medical records. When we receive a form signed by you authorising transfer of medical information, we will send this summary to your new GP.
- Patients may wish to directly access the full details in their medical records. Advise the staff of your request. The Practice Manager will contact you to outline the procedure. A written request for access to your medical record will be needed before we can proceed. We will advise you of times that the doctor will be available to go through your medical records with you. This will be as soon as reasonably convenient within 30 days.
- It is the policy of all our practices at this time to retain all medical records – no records are destroyed.
- If there are concerns regarding information collected at our Practice’s and how it is used please discuss the issues with the Practice Manager or one of the doctors.
Personal information will only be used for the purpose of providing medical services and for claims and payments, unless otherwise consented to. Some disclosure may occur to third parties engaged by or for our Practices’ business purposes, such as accreditation or for the provision of information technology. These third parties are required to comply with this policy.
Our Practices will inform the patient where there is a statutory requirement to disclose certain personal information (for example, some diseases require mandatory notification).
Our Practices will not disclose personal information to any third party other than in the course of providing medical services, without full disclosure to the patient or the recipient, the reason for the information transfer and full consent from the patient.
Our Practices will not disclose personal information to anyone outside Australia without need and without patient consent.
Exceptions to disclose without patient consent are where the information is:
- Required by law
- Necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent
- To assist in locating a missing person
- To establish, exercise or defend an equitable claim
- For the purpose of a confidential dispute resolution process.
Our Practices will not use any personal information in relation to direct marketing to a patient without that patient’s express consent. Patients may opt-out of direct marketing at any time by notifying the Practice in a letter or email. The Practices evaluate all unsolicited information it receives to decide if it should be kept, acted on or destroyed.