Reviewed and Current as of: 13/09/2023
Introduction
This privacy policy is to provide information to you, our patient, on how your personal information (which includes your health information) is collected and used within our practice, and the circumstances in which we may share it with third parties.
Why and when your consent is necessary
When you register as a patient of our practice, you provide consent for our GPs and practice staff to access and use your personal information so they can provide you with the best possible healthcare. Only staff who need to see your personal information will have access to it. If we need to use your information for anything else, we will seek additional consent from you to do this.
Why do we collect, use, hold and share your personal information?
Our practice will need to collect your personal information to provide healthcare services to you. Our main purpose for collecting, using, holding and sharing your personal information is to manage your health. We also use it for directly related business activities, such as financial claims and payments, practice audits and accreditation, and business processes (e.g., staff training).
What personal information do we collect?
The information we will collect about you includes your:
Dealing with us anonymously
You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorized by law to only deal with identified individuals.
How do we collect your personal information?
Our practice may collect your personal information in several different ways.
When, why and with whom do we share your personal information?
We sometimes share your personal information:
Only people who need to access your information will be able to do so. Other than in the course of providing medical services or as otherwise described in this policy, our practice will not share personal information with any third party without your consent.
We will not share your personal information with anyone outside Australia (unless under exceptional circumstances that are permitted by law) without your consent. Our practice will not use your personal information for marketing any of our goods or services directly to you without your express consent. If you do consent, you may opt out of direct marketing at any time by notifying our practice in writing.
We may provide de-identified data to other organizations to improve population health outcomes. The information is secure, patients cannot be identified, and the information is stored within Australia. You can let our reception staff know if you do not want your information included.
“Polar GP” is a software system we use to help us provide you with the best medical care. The information is secure, cannot identify patients and is shared with your local Primary Health Network to improve health services in the area.
How do we store and protect your personal information?
Your personal information is stored in the electronic records software we use in the clinic, called Best Practice and Hot Doc.
If we are to receive hard copies of reports or results for you, they are scanned into your secure file then shredded accordingly.
Our practice stores all personal information securely.
Personal health information is kept where only those with authorization can access it, and is kept out of view of and unable to be accessed by the public (i.e., not left exposed on the reception desk, in the waiting room or other public areas; or left unattended in consulting rooms). To minimize this risk, automated screensavers are activated on all computer screens.
Members of the practice have different levels of access to patient personal health information as appropriate to their roles and, to maintain security, all computer hardware and software passwords are kept confidential and are not disclosed to others.
Any team members positioned in the practice common areas (e.g., reception and the waiting room) are made aware that the conversations in these areas can often be overheard by patients and visitors and, therefore, they are to avoid discussing confidential and sensitive patient information.
Whenever sensitive documentation is to be discarded, our practice uses an appropriate method of destruction (shredder bin).
How can you access and correct your personal information at our practice?
You have the right to request access to, and correction of, your personal information.
Although patients can request access to their personal health information verbally, we request that patients complete a Personal Health Information Request Form which outlines the type of information being requested, and in what format the patient requests to receive the information. Completion of this form ensures correct processing is undertaken and appropriate consent is obtained, particularly where the patient is requesting their information be sent to them through an unsecure method (i.e., facsimile, mail, email).
The completed request form is then forwarded to the patient’s usual general practitioner to review, and consider the request through the use of the Release of Health Information Checklist. In considering the request, it is important that the practitioner answers the following questions:
Where ‘yes’ was answered for any of the questions, there may be grounds for denying access to the record or certain parts thereof. Where there is no reason to deny access, the general practitioner is to proceed to peruse the record to ascertain if all information being requested is still suitable for release.
A fee will be charged at the discretion of the practice manager, depending on the amount of information and the resources needed to release it to a patient. In most cases, however, a fee is not necessary.
When a patient requests access to their health record and related personal information, we document each request in the practice’s Transfer Request register and in the patient’s health record. We endeavour to assist patients in granting access where possible and according to the privacy legislation. Exemptions to access will be noted and each patient (or legally nominated representative) will have their identification checked prior to access being granted.
Where there are grounds to deny a patient access to their personal health information (all or part thereof), the reason for denied access is provided to the patient in writing. An intermediary may operate as facilitator to provide sufficient access to meet the needs of both the patient and the general practice.
Patients may request to access their personal health information in the following ways:
We respect an individual’s privacy and allow access to information via personal viewing in a secure private area in consultation with their general practitioner. A fee is not charged in this circumstance, and the patient may take notes of the content of their record. Fees may be charged when a large amount of photocopying of the information is requested.
A patient may ask to have their personal health information amended if they consider it is not up-to-date, accurate or complete. Our practice aims to correct this information as soon as reasonably practicable and any corrections made are attached to the original health record.
Where there is a disagreement about whether the information is indeed correct, we attach a statement to the original record outlining the patient’s claims.
Once the request has been processed, the completed Personal Health Information Request Form and Release of Health Information Checklist are incorporated into the patient’s health record.
How can you lodge a privacy-related complaint, and how will the complaint be handled at our practice?
We take complaints and concerns regarding privacy seriously. You should express any privacy concerns you may have in writing. We will then attempt to resolve it in accordance with our resolution procedure.
Upul, the Practice Manager, is our practice’s designated privacy officer.
The privacy officer is responsible for ensuring compliance with the Privacy Act 1988 and the Australian Privacy Principles and for developing and maintaining our written protocols. The privacy officer liaises with the person responsible for our computer security and systems to ensure our electronic systems remain compliant.
If any members of the public or of our practice team have any queries concerning privacy laws and how our practice manages adherence to these laws, these queries are directed to the privacy officer.
In the event of any issues or complaints relating to privacy matters, this practice conducts a review of privacy policies and procedures. This review is also undertaken from time-to-time to ensure these policies and procedures are up-to-date.
The privacy officer reviews the following items:
Information is collected from hard copy and electronic storage devices, and issues are discussed with the general practitioners and other practice team members to gain the most current information.
National and State privacy laws are referenced with any updates being noted and actioned.
During this time, our privacy policy and other policies and procedures associated with the management of personal health information are reviewed and updated for privacy items as required.
Forms related to accessing personal patient health information, including requests for access and access registers, are also reviewed.
You may also contact the OAIC. Generally, the OAIC will require you to give them time to respond before they will investigate. For further information visit www.oaic.gov.au or call the OAIC on 1300 363 992.
Alternatively, the Victorian Ombudsman’s contact number is 1800 806 314.
Policy review statement
Mount Medical Clinic’s privacy policy will be reviewed regularly to ensure it is in accordance with any changes that may occur. If any changes are to be made, we will notify you (the patient) with visible and clear signage in the waiting room and via our website address.