The Riverstone Family Medical Practice is committed to best practice in relation to the management of information we collect. This Practice has developed a policy to protect patient privacy in compliance with privacy legislation and the Guidelines on Privacy in the Private Health Sector developed by the Office of the Federal Privacy Commissioner. Our policy is to inform you of:
- The kinds of personal information that we collect and hold;
- How we collect and hold personal information;
- The purposes for which we collect, hold, use and disclose personal information;
- How we communicate with you;
- How you may access your personal information and seek the correction of that information;
- What will happen if there is a data breach;
- How you may complain about a breach of the Australian Privacy Principles and how we deal with such a complaint.
What kinds of personal information do we collect?
The type of information we may collect and hold includes personal information about:
- Your name, address, date of birth, email and contact details;
- Medicare number and concession card number if applicable;
- Your current and past health information and other sensitive information such as your family health history, social history and your ethnicity.
How do we collect and hold personal information?
We will generally collect personal information:
- From you directly when you provide your details to us, through written questionnaires or verbally by the nurse and/or doctor;
- From a person responsible for you;
- From third parties where the Privacy Act or other law allows it.
We hold information in your electronic health record, which is stored in a computer database secured by firewalls and pass codes and maintained by an up-to-date, secure on- and off-site back-up system.
Why do we collect, hold, use and disclose personal information?
In general, we may collect, hold, use and disclose your personal information for the following purposes:
- To provide health services to you;
- To allow other health care providers to be involved in your care through sharing of selected information with your consent;
- To communicate with you;
- To comply with our legal obligations, such as mandatory notification of communicable diseases or in cases of suspected child abuse;
- To educate health care workers-in-training with your consent for the benefit of patients in the future;
- To participate in the analysis of health data in our community by authorised bodies, only ever for de-identified information or with your consent; and
- To help manage our accounts and administrative services.
How do we communicate with you?
We aim to receive your incoming telephone call in a private reception area to minimise the risk of conversations being overheard. Our staff may need to contact you by telephone for the purpose of administrative or clinical issues and this will generally be in a private area in the Practice. With your consent we may also contact you via letter to your home address or via SMS to your mobile telephone or via email.
Communication via email of identifiable information about you to health professionals involved in your care is done using an encryption program. You may choose to have direct email communication with staff at the Practice or allow direct email communication with other providers but you need to be aware that this is not secured. For this communication we will need your consent. We will take steps to reduce the risk of unsecured information being seen by others including confirming the email address of the intended recipient. We will not use this communication for sensitive information.
How can you access and correct your personal information?
Subject to the exceptions set out in the Privacy Act, you may seek access to and correction of personal information which we hold about you in accordance with our access policy. Some circumstances which may restrict this access include if your doctor believes there may be a risk of any physical or mental harm to you or any other person. In most cases this is managed by the doctor going through the health record with you.
A fee is charged for providing access and there is no Medicare rebate available so you will be advised of the cost in advance. The contact person in this Practice is General Manager, phone 9627 0600 Mon-Wed, or email firstname.lastname@example.org.
What will happen if there is a data breach?
If a data breach that is likely to cause serious harm occurs, the Practice will notify you and inform you of the type of data breach and information involved as soon as practicable. The Practice will also notify the Office of the Australian Information Commissioner.
How can you make a privacy related complaint?
We will take reasonable steps to protect the security of your information and comply with our legal obligations. Our staff are trained and required to respect your privacy. We take reasonable steps to protect information held from misuse and loss and from unauthorised access, modification or disclosure.
If you have any questions about privacy-related issues or wish to complain about a breach of the Australian Privacy Principles or the handling of your personal information by us, please contact our Privacy Officer, Dr Michelle Crockett, through email@example.com. You may lodge your complaint in writing. Any complaint will be investigated by the Privacy Officer and you will be notified of the making of a decision in relation to your complaint as soon as is practicable after it has been made, usually within 30 days.
Further information on Privacy Legislation is available from:
The Office of the Federal Privacy Commissioner on 1300 363 992, https://www.oaic.gov.au
The Health Care Complaints Commission on 1800 043 159, http://www.hccc.nsw.gov.au/