Current as of: 15 September 2018
Why and when your consent is necessary
When you register as a patient of our practice, you provide consent for our doctors and practice staff to access and use your personal information, so they can provide you with the best possible healthcare. Only staff who need to see your personal information will have access to it. If we need to use your information for anything else, we will seek additional consent from you to do this.
The Private Clinic’s “Personal Details and Important Information” form contains a declaration which must be signed to authorise our collection and use of your personal information.
Why do we collect, use, hold and share your personal information?
Our practice will need to collect your personal information to provide healthcare services to you. Our main purpose for collecting, using, holding, and sharing your personal information is to manage your health. We also use it for directly related business activities, such as financial claims and payments, practice audits and accreditation, and business processes (eg staff training).
What personal information do we collect?
The information we will collect about you includes your:
- names, date of birth, addresses, contact details
- medical information including medical history, medications, allergies, adverse events, pathology test results, immunisations, social history, family history, risk factors, details of discussions with you regarding your treatment and counselling notes.
- Medicare number (where available) for identification and claiming purposes
- healthcare identifiers
- health fund details.
- Telephone and SMS conversations.
- Your image may be captured on the clinic’s CCTV security system which only operates in non-clinical areas inside and outside the clinic. This data is overwritten approximately every 2 months.
Dealing with us anonymously
You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals.
If you are having a procedure, in order for safe medical treatment to be provided, allowing for the possibility that vital aftercare may need to be provided and pathology testing performed, it will usually be impractical to treat you anonymously or under a pseudonym.
How do we collect your personal information?
Our practice may collect your personal information in several different ways.
- When you make your first appointment our practice staff will collect your personal and demographic information.
- Upon arrival at the Private Clinic, you will be required to complete various forms in writing, which will include your personal demographic information and your medical details.
- During the course of providing medical services, we may collect further personal information.
- The Private Clinic does not and will not update My Health record.
- We may also collect your personal information when you send us an email or SMS, telephone us, make an online appointment or communicate with us using social media.
- The clinic’s telephone system automatically records all call conversations for quality and training purposes. This data is in digital format and is stored on a secure server.
- We may write down details of any conversations that we have with you.
- In some circumstances personal information may also be collected from other sources. Often this is because it is not practical or reasonable to collect it from you directly. This may include information from:
- your guardian or responsible person
- other involved healthcare providers, such as specialists, allied health professionals, hospitals, community health services and pathology and diagnostic imaging services
- Your health fund or Medicare.
- In the event that you require urgent post-operative care at a hospital or other medical practitioner following treatment at the clinic, in order to maintain continuity of care and to track clinical outcomes, we may request a copy of any discharge summary, test results, imaging reports, and theatre notes directly from the hospital or your medical practitioner.
When, why and with whom do we share your personal information?
We sometimes share your personal information:
- with third parties who work with our practice for business purposes, such as accreditation agencies or information technology providers – these third parties are required to comply with APPs and this policy
- with other healthcare providers during this episode of treatment, including any aftercare that may be required. These healthcare providers may include the GP you saw prior to attending for treatment, pathology providers, diagnostic imaging providers, other reproductive healthcare clinics, or hospital staff if post-operative care is required.
- when it is required or authorised by law (eg court subpoenas)
- when it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent
- to assist in locating a missing person
- to establish, exercise or defend an equitable claim
- for confidential dispute resolution process
- when there is a statutory requirement to share certain personal information (eg some diseases require mandatory notification)
- The Private Clinic does not and will not share your information through eTP or My Health Record.
Only people who need to access your information will be able to do so. Other than while providing medical services or as otherwise described in this policy, our practice will not share personal information with any third party without your consent.
We will not share your personal information with anyone outside Australia (unless under exceptional circumstances that are permitted by law) without your consent.
Our practice will not use your personal information for marketing any of our goods or services directly to you.
How do we store and protect your personal information?
Your personal information may be stored at our practice in various forms including paper records, electronic records, visual records (ultrasound scan printouts, scanned historical medical records and CCTV security video).
Our practice stores all personal information securely.
Your electronic records are stored on our computer systems and internal network which are password protected and physical access is controlled through building access control.
Your paper records may be stored in in locked filing cabinets, which are scanned into a digital archive and disposed of by means of a licensed, secure document destruction service. The document destruction takes place, on-site at the time of document collection by the third-party document destruction service.
All staff and contractors are sensitive to your need to discretion and privacy and all are required to sign a confidentiality agreement upon employment.
How can you access and correct your personal information at our practice?
You have the right to request access to, and correction of, your personal medical information.
Our practice acknowledges patients may request access to their medical records. We require you to put this request in writing by email, along with a copy of photo ID eg. Driver’s license, and our practice will respond within 14 days. In most cases, we will not charge a fee where records are required for medical purposes, however we reserve the right to charge a fee to produce medical records where the retrieval of the records may require significant time and effort.
Our practice will take reasonable steps to correct your personal information where the information is not accurate or up to date. You may also request that we correct or update your information, and you should make such requests in writing to the practice manager.
How can you lodge a privacy-related complaint, and how will the complaint be handled at our practice?
We take complaints and concerns regarding privacy seriously. You should express any privacy concerns you may have in writing. We will then attempt to resolve it in accordance with our resolution procedure. Please address all correspondence to:
The Private Clinic
120 Devonshire Street
Surry Hills, NSW 2010
We will acknowledge receipt of your correspondence within 7 days and will endeavour to provide a detailed response within 30 days.
You may also contact the OAIC. Generally, the OAIC will require you to give them time to respond before they will investigate. For further information visit www.oaic.gov.au or call the OAIC on 1300 363 992.
Privacy and our website and email
Our website does not collect personal information
We may occasionally interact with patients via email where it is appropriate to do so. We will not send you copies of test results or other sensitive information unless requested by yourself.
Requests for copies of your medical records via email must be accompanied with proof of your identity, eg. Photo ID.
Policy review statement