Mon, Wed : - 8:30am - 5.30pm

Tus,Thu,Fri : 8:30am – 5:30pm

Sat : 9:00am – 12:30pm

Mount Medical Clinic,

1592 Burwood Hwy, Belgrave VIC 3160 Australia

Reviewed and Current as of: 13/09/2023

Introduction

This privacy policy is to provide information to you, our patient, on how your personal information (which includes your health information) is collected and used within our practice, and the circumstances in which we may share it with third parties.

Why and when your consent is necessary

When you register as a patient of our practice, you provide consent for our GPs and practice staff to access and use your personal information so they can provide you with the best possible healthcare. Only staff who need to see your personal information will have access to it. If we need to use your information for anything else, we will seek additional consent from you to do this.

Why do we collect, use, hold and share your personal information?

Our practice will need to collect your personal information to provide healthcare services to you. Our main purpose for collecting, using, holding and sharing your personal information is to manage your health. We also use it for directly related business activities, such as financial claims and payments, practice audits and accreditation, and business processes (e.g., staff training).

What personal information do we collect?

The information we will collect about you includes your:

  • names, date of birth, addresses, contact details
  • medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors
  • Medicare number (where available) for identification and claiming purposes
  • healthcare identifiers
  • health fund details.

Dealing with us anonymously

You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorized by law to only deal with identified individuals.

How do we collect your personal information?

Our practice may collect your personal information in several different ways.

  1. When you make your first appointment our practice staff will collect your personal and demographic information via your registration.
  • During the course of providing medical services, we may collect further personal information. Information can also be collected through electronic transfer of prescriptions (eTP), My Health Record eg via a shared health summary, event summary.
  • We may also collect your personal information when you contact us via our website, send us an email or SMS, telephone us, or make an online appointment
  • In some circumstances personal information may also be collected from other sources. Often this is because it is not practical or reasonable to collect it from you directly. This may include information from:
  • your guardian or responsible person
  • other involved healthcare providers, such as specialists, allied health professionals, hospitals, community health services and pathology and diagnostic imaging services
  • your health fund, Medicare, or the Department of Veterans’ Affairs (as necessary).

When why and with whom do we share your personal information?

We sometimes share your personal information:

  • with third parties who work with our practice for business purposes, such as accreditation agencies or information technology providers – these third parties are required to comply with APPs and this policy
  • with other healthcare providers
  • when it is required or authorised by law (e.g., court subpoenas)
  • when it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent
  • to assist in locating a missing person
  • to establish, exercise or defend an equitable claim
  • for the purpose of confidential dispute resolution process
  • when there is a statutory requirement to share certain personal information (e.g., some diseases require mandatory notification)
  • during the course of providing medical services, through eTP, My Health Record (e.g., via Shared Health Summary, Event Summary).

Only people who need to access your information will be able to do so. Other than in the course of providing medical services or as otherwise described in this policy, our practice will not share personal information with any third party without your consent.

We will not share your personal information with anyone outside Australia (unless under exceptional circumstances that are permitted by law) without your consent. Our practice will not use your personal information for marketing any of our goods or services directly to you without your express consent. If you do consent, you may opt out of direct

marketing at any time by notifying our practice in writing.

We may provide de-identified data to other organizations to improve population health outcomes. The information is secure, patients cannot be identified, and the information is stored within Australia. You can let our reception staff know if you do not want your information included.                                                                                            

 “Polar GP” is a software system we use to help us provide you with the best medical care. The information is secure, cannot identify patients and is shared with your local Primary Health Network to improve health services in the area.

How do we store and protect your personal information?

Your personal information is stored via the electronic records softwares we use in the clinic called Best Practice and Hot Doc

If we are to receive hard copies of reports or results for you, they are scanned into your secure file then shredded accordingly.

Our practice stores all personal information securely.

 Personal health information is kept where only those with authorization can access it, and is kept out of view of and unable to be accessed by the public (ie. Not left exposed on the reception desk, in the waiting room or other public areas; or left unattended in consulting rooms). To minimize this risk, automated screensavers are activated on all computer screens.

Members of the practice have different levels of access to patient personal health information as appropriate to their roles and, to maintain security all computer hardware and software passwords are kept confidential and are not disclosed to others.

Any team members positioned in the practice common areas (e.g., reception and the waiting room) are made aware that the conversations in these areas can often be overheard by patients and visitors and, therefore, they are to avoid discussing confidential and sensitive patient information.

Whenever sensitive documentation is to be discarded, our practice uses an appropriate method of destruction-shredder bin.

How can you access and correct your personal information at our practice?

You have the right to request access to, and correction of, your personal information.

Although patients can request access to their personal health information verbally, we request that patients complete a Personal Health Information Request Form which outlines the type of information being requested, and in what format the patient requests to receive the information. Completion of this form ensures correct processing is undertaken and appropriate consent is obtained, particularly where the patient is requesting their information be sent to them through an unsecure method (i.e., facsimile, mail, email).

The completed request form is then forwarded to the patient’s usual general practitioner to review, and consider the request through the use of the Release of Health Information Checklist. In considering the request, it is important that the practitioner answers the following questions:

  • Would access pose a serious threat to the life or health of anyone, including the patient? 
    • If it is possible to provide the information in another form which would remove the threat, for example discussing in person with the applicant, then this could be an option.
  • Will the privacy of others be compromised?
    • It may be possible to remove the other person’s identification prior to release of information. Check remaining parts of the record to not reveal the person’s identification. You can try to contact the other person for their consent to release information in the record. Consider if this contact may cause a privacy risk for the patient.
  • Is the request frivolous or vexatious? 
  • Does the information relate to existing or anticipated legal proceedings?
  • Would access prejudice negotiations with the individual, for example regarding negligence or another claim?
  • Would access be unlawful due to other legislation? 
    • Where any Commonwealth Victorian State law prohibits this or if it would breach any other statutory or common law (e.g., Adoption Act, Infertility Treatment Act).

Where ‘yes’ was answered for any of the questions, there may be grounds for denying access to the record or certain parts thereof. Where there is no reason to deny access, the general practitioner is to proceed to peruse record to ascertain if all information being requested is still suitable for release.

 A fee will be charged at the discretion of the practice manager and dependent on the amount of information and resources needed to release to a patient.  In most cases however a fee is not necessary.

When a patient requests access to their health record and related personal information, we document each request in the practice’s Transfer Request register and in the patient’s health record. We endeavour to assist patients in granting access where possible and according to the privacy legislation. Exemptions to access will be noted and each patient (or legally nominated representative) will have their identification checked prior to access being granted.

Where there are grounds to deny a patient access to their personal health information (all or part thereof), the reason for denied access is provided to the patient in writing. An intermediary may operate as facilitator to provide sufficient access to meet the needs of both the patient and the general practice. 

Patients may request to access their personal health information in the following ways:

  • View and inspect (patient are to make an appointment)
  • View, inspect and discuss contents (patient is to make an appointment)
  • Obtain a copy – collect
  • Obtain a copy – send via mail
  • Obtain a copy – send via facsimile, and/or
  • Obtain a copy – send via email.

We respect an individual’s privacy and allow access to information via personal viewing in a secure private area in consultation with their general practitioner. A fee is not charged in this circumstance, and the patient may take notes of the content of their record. Fees may be charged when large amounts of photocopying of the information is requested.

A patient may ask to have their personal health information amended if they consider it is not up-to-date, accurate or complete. Our practice aims to correct this information as soon as reasonably practicable and any corrections made are attached to the original health record.

Where there is a disagreement about whether the information is indeed correct, we attach a statement to the original record outlining the patient’s claims.

Once the request has been processed, the completed Personal Health Information Request Form and Release of Health Information Checklist are incorporated into the patient’s health record.

How can you lodge a privacy-related complaint, and how will the complaint be handled at our practice?

We take complaints and concerns regarding privacy seriously. You should express any privacy concerns you may have in writing. We will then attempt to resolve it in accordance with our resolution procedure

Upul the Practice Manager is our practice’s designated privacy officer.

The privacy officer is responsible for ensuring compliance with the Privacy Act 1988 and the Australian Privacy Principles and for developing and maintaining our written protocols. The privacy officer liaises with the person responsible for our computer security and systems to ensure our electronic systems remain compliant.

If any members of the public or of our practice team have any queries concerning privacy laws and how our practice manages adherence to these laws, these queries are directed to the privacy officer.

In the event of any issues or complaints relating to privacy matters, this practice conducts a review of privacy policies and procedures. This review is also undertaken from time-to-time to ensure these policies and procedures are up-to-date.

The privacy officer reviews the following items:

  • What is the primary purpose of this practice?
  • What data do we collect and document?
  • How do we store this information?
  • What data do we disclose and to whom?
  • When and how do we obtain patient consent?

Information is collected from hard copy and electronic storage devices, and issues are discussed with the general practitioners and other practice team members to gain the most current information.

National and State privacy laws are referenced with any updates being noted and actioned.

During this time, our privacy policy and other policies and procedures associated with the management of personal health information are reviewed and updated for privacy items as required.

Forms related to accessing personal patient health information, including requests for access and access registers, are also reviewed.

You may also contact the OAIC. Generally, the OAIC will require you to give them time to respond before they will investigate. For further information visit www.oaic.gov.au or call the OAIC on 1300 363 992.

Alternatively, The Victorian Ombudsman contact number is 1800 806 314.

Policy review statement

Mount Medical Clinic’s privacy policy will be reviewed regularly to ensure it is in accordance with any changes that may occur. If any changes are to be made, we will notify you (the patient) with visible and clear signage in the waiting room and via our website address.