Privacy Policy

Introduction:

Gosnells Medical Clinic is committed to protecting the privacy of patient information and to handling your personal information in a responsible manner in accordance with the Privacy Act 1988.

This Privacy Policy explains how we collect, use and disclose your personal information (which includes health information), how you may access that information and how you may seek the correction of any information.  It also explains how you may make a complaint about a breach of privacy legislation.

This Privacy Policy is current from the 30 March 2023.  From time to time we may make changes to our policy, processes and systems in relation to how we handle your personal information.  We will update this Privacy Policy to reflect any changes.  Those changes will be available on our website and in the Practice.

Consent for the collection of your personal information:

When you register as a patient of our practice, you are providing consent for our health care practitioners and practice staff to access and your personal information so they can provide you with the best possible healthcare. Only staff who need to see your personal information will do so.  If we need to use your information for anything else, we will seek additional consent from you to do this.

Gosnells Medical Clinic will only collect information that is necessary and relevant to provide you with optimal medical care and treatment, and to manage our Practice. Both clinical and administrative staff will only collect and access your personal information that is relevant to their role in your healthcare.

All staff members sign a comprehensive confidentiality agreement and internal privacy procedures agreement. Administrative staff will access your health information only if required, for example:

  • To answer a query you may have for example: the date of a referral, a request for a prescription renewal, the duration of a consultation, or the comment your practitioners have left for you regarding results of investigations (if you have elected not to return to receive them personally).
  • To answer  a  query  from  an  appropriate  third  party,  for  example,  a  relevant  specialist  requesting investigation results or a hospital requesting a list of current medication.
  • To ensure  optimal  administration  of  your  health  information,  for  example,  the  scanning  of  relevant documents into your file.

By giving consent to collect and access your personal information to Gosnells Medical Clinic, you also agree that such  information  will  be  available  to  administration  staff,  managers,  medical  and  allied  health  practitioners.   This enables us to care for you as a comprehensive multi- disciplinary team.

The collection and holding of your personal information:

Our practice will need to collect your personal information to provide healthcare services to you.  Our main purpose for collecting, using, holding and sharing your personal information is to manage your health.   We also use it for directly related business activities, such as financial claims and payments, practice audits and accreditation.

The information we will collect about you includes:

  • Name, date of birth, address and contact details
  • Medicare number (where available, for identification and claiming purposes)
  • Healthcare identifiers
  • Medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors
  • Health fund details
  • Ethnicity
  • Emergency contact and next of kin

You do have the right to deal with us anonymously or under a pseudonym unless it is impractical for us to do so or unless we are required or authorised by law to only deal with identified individuals.

How do we collect your personal information?

We collect information in various ways including:

  1.  The collection by practice staff of your personal and demographic information when you phone our clinic to arrange an appointment or when you book onlin
  2.  The collection by practice staff of more detailed personal and demographic information via registration when you present to the Practice for the first time.
  3.  By  our  healthcare  practitioners  when  providing  medical  services  of  further  personal information.
  4. Information may also be collected by our healthcare practitioners via your My Health Record
  5. We may also collect your personal information when you send us an email or SMS or telephone us, make an appointment online.

Wherever practicable we will only collect information from you personally.  However we may also need to collect information from other sources such as treating specialists, radiologists, pathologists, hospitals and other healthcare providers. In emergency situations we may also need to collect information from your relatives or friends.

Our practice use referral templates that extract your personal information into referral letters through document automation technologies, particularly so that only the relevant medical information is included in referral letters. In addition, we may electronically send your information to service providers via accepted secure messaging systems.

Use and disclosure of personal information:

We will treat your personal information as strictly private and confidential.   We will only use or disclose it for purposes directly related to your care and treatment, or in ways that you would reasonably expect that we may use it for your ongoing care and treatment for example:

  • With third parties who work with our practice for business purposes, such as accreditation agencies or information technology providers – these third parties are required to comply with the Australian Privacy Principles and with this policy
  • With other healthcare providers
  • When it is required by or authorised by law eg court subpoenas
  • When it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or if it is impractical to obtain the patient’s consent
  • To assist in locating a missing person
  • To establish, exercise or defend an equitable claim
  • For the purpose of confidential dispute resolution process
  • When there is a statutory requirement to share certain personal information for example some diseases require mandatory notification
  • During the course of providing medical services through My Health Record Shared Health Summaries
  • De-identified data may be used for education and research purposes, or for the collection of health statistics

Only people who need access to your information will do so.  Other than in the course of providing health services or as otherwise described in this policy, our practice will not share personal health information with any third party without your consent.

We will not share your health information with anyone outside Australia (unless under exceptional circumstances that are permitted by law) without your consent.

With your consent, Gosnells Medial Clinic will use your personal information to send you appointment reminders, clinical messages, and preventative health reminders.  You can opt out of these services at any time by notifying our practice in writing (see details below).

Any  unsolicited  patient  information  we  receive  is  evaluated  by  our  administration  team,  and  clinical  team  if necessary, and decide if it should be kept, acted on or destroyed.

How do we store and protect your personal information?

Your personal information may be stored at our practice in various forms:

  • Electronic records
  • Paper records
  • Visual records such as x-rays, CT scans, photographs

Our practice stores securely and protects your personal information by:

  • Securing our premises
  • Using protected electronic information systems
  • Adhering to strict password and access policies
  • Having all  staff  and  contractors  sign  confidentiality,  privacy  and  computer  security  agreements  (which includes the adherence to a clear screen policy)
  • Providing locked facilities for the storage of any physical records
  • Securely destroying documents once they have been scanned into your electronic health record

How can you correct your personal information at our practice?

We will take reasonable steps to ensure that your personal information is accurate, complete, up to date and relevant.  For this purpose our staff may ask you to confirm that your contact details are correct when you attend a consultation.  We request that you let us know if any of the information we hold about you is incorrect or out of date.

If you believe that the information we have about you is not accurate, complete or up to date we ask that you contact us in writing (see details below).  We will advise you when the corrections have been made and will ensure such changes occur within seven (7) days of receiving your request.

How can you access your personal information?

You are entitled to request access to your medical records.  In most cases we will ask you to complete a Request for Medical Records form.  Upon receipt of this completed form your request will be actioned.  In most cases this means all health practitioners who have been involved in your care reviewing your request and authorising release of the information.

We will endeavour to complete this process within 30 days and will advise you if there is any delay and the reasons for this.

There may be a fee for the administrative costs of retrieving and providing you with copies of your medical records. We may deny access to your medical records in certain circumstances permitted by law, for example if disclosure

may cause a serious threat to your health or safety or to the health or safety of others.  We will always tell you why access is denied and the options you have to respond to our decision.

Use of Email:

Emailing of personal information is not a secure method of communication.

Should you however request information to be emailed to you, once we have explained the risks associated with transmitting personal information in this way and have obtained your verbal consent, we will password protect all documents, notify you of the password verbally and email it to a verified email address.  This process is a secure method and has a low privacy and security risk as per the Royal Australian College of General Practitioners: Using Email in General Practice – Guiding Principles.

We will not email your personal information without consent and password protection unless in the case of a medical emergency.

We will accept personal information via email from other healthcare providers and organisations involved in the management of your health.

Only  appropriate  matters should be  raised  should you wish to  communicate  with  us  via email.    For  example appointment scheduling and modifications to referrals or certificates.  Medical symptoms or proposed treatments should not be discussed via email.

Email communication must never be used in the case of a medical emergency.

Use of SMS for appointment and health:

Appointment & health reminders and brief clinical messages will be sent via SMS.  The detail of the actual health reminder will only be revealed to the recipient upon entering required information.  You can be removed from the SMS reminder and communication system upon request.

Our Business Continuity Plan:

Gosnells Medical Clinic has an extensive business continuing plan to enable the ongoing provision of healthcare in the event of any unforeseen events such as computer hardware failure.  This business continuing plan includes the electronic back up and replication of your personal information.  Back up data is stored onsite in a locked facility. Replicated data is hosted remotely and can only be accessed by our information technology providers and authorised members of our practice team.

Overseas Transfer of Data:

We will not transfer your health information to an overseas recipient unless we have your consent to do so, or we are required to do so by law or in the case of a medical emergency.

A note about identifying you when you arrive at our practice:

Our practice abides by the 5th Edition of the Royal Australian College of General Practitioners Standards for General Practice.  These standards are developed with the purpose of protecting patients from harm by improving quality and safety of health services.   These standards state that we must correctly identify you at every attendance to ensure we have arranged an appointment for the correct person and are about to deliver health care to the correct person.  The standards state we must ask you for three approved forms of identification for example name, address and date of birth.  We understand that providing these details within the vicinity of other patients may be a privacy concern.

Privacy concerns:

Gosnells Medical Clinic takes complaints and concerns about privacy of patients’ personal information seriously.  If you have a complaint about the privacy of your personal information, we request that you contact us in writing. Upon receipt of a complaint we then consider the details and attempt to resolve it in accordance with our complaint handling procedures.

 

If you are dissatisfied with our handling of a complaint or the outcome you may make an application to the

Australian Information Commissioner, Level 3, 175 Pitt Street, SYDNEY 2000; 1300 363 992,  http://www.oaic.gov.au enquiries@oaic.gov.au

Contact:

Please direct any concerns, complaints or requests for access to medical records to The Practice Manager