Statement

Our practice is committed to always maintaining privacy and confidentiality and requires that any information regarding individual patients, including staff members that may be patients, will not be disclosed in any form (verbally, in writing, electronic forms inside or outside our practice) except for strictly authorised use within patient care context or required by law.

For the purpose of this policy, no distinction has been made between the handling of personal information and sensitive information including health information, therefore all information will be referred to as “personal information” throughout this policy

Introduction

This privacy policy is to inform patients, you, how personal information is obtained, held and managed by Grace Medical Skin and Vein Centre. It also outlines and reinforces to staff and medical students their obligations and duties regarding privacy and confidentiality of our patients, and how we may need to share your personal information to third parties for ongoing treatment.

Health Record Definition:  Any relevant record made by a health care practitioner at the time of, or subsequent to, a consultation and/or examination or the application of health management. Medical records cover an array of documents that are generated as a result of patient care.

Why and when your consent is necessary

When you register as a patient of Grace Medical Skin and Vein Centre, you provide consent for our doctors and staff members to access and use your personal information to provide you with the best healthcare possible. Any requests for further use of information is made to in writing to the patient explaining the purpose of the request and obtain the patients written consent prior to the use or release of the information. 

Why do we collect, use, hold and share your personal information?

Our practice will need to obtain your personal information to provide efficient healthcare services to you along with ongoing healthcare management. We will also use this information for business administration (including staff training), financial claims and billing purposes, practice audits and accreditation.

What personal information do we collect?

Personal information we will collect includes but not limited to:

  • Name, date of birth, address, telephone number, Medicare and DVA card numbers, Healthcare Identifier numbers
  • Next of kin and emergency contact details
  • Past and current medical history, immunisation history, medications, allergies, social history, family history, cultural background, gender and gender identity and risk factors.
  • Names of other healthcare providers, specialists and relevant medical referrals and reports.

Our practice staff ask our patients upon their arrival for their appointment to confirm their identity by asking 3 key identifier points such as:

  1. Confirming your name
  2. Confirming your date of birth
  3. Confirming your contact details (street address or telephone number)

Dealing with us Anonymously

You have the right to deal with us anonymously or under pseudonym unless it is impracticable for us to so or unless we are required or authorised by law to only deal with identified health individuals.

How do we collect your personal information?

Our practice may collect your personal information in several different ways:

  • When you make your first appointment, our practice staff will collect your personal and demographic information via your registration.
  • During the course of providing medical services, we may collect further personal information. Information may also be collected through My Health Record and transferred records from previous practices.
  • When you visit our website, send us an email, SMS or telephone us.

In some circumstances personal information may also be collected by other sources. Often this is because it is not practical or reasonable to collect it from you directly. This may include information from:

  • Your guardian or responsible person
  • Other involved healthcare providers such as, specialists, allied health professionals, hospitals, community health services and pathology and diagnostic imaging services.
  • Your health fund, Medicare or the Depart of Veterans Affairs (DVA)

Who do we share your personal information with?

We sometimes share your personal information:

  • With third parties who work with our practice for business purposes, such as accreditation agencies or information technology providers – these third parties are required to comply with Australian Privacy Principals (APPs) released by the Office of Australian Information Commissioner (OASIC) and this policy
  • With other healthcare providers
  • When it is required or authorised by law (e.g. court subpoenas)
  • When it is Necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or if it is impracticable to obtain the patient’s consent
  • To assist in locating a missing person
  • To establish, exercise or defend and equitable claim
  • For the purpose of confidential dispute resolution process
  • Where there is a statutory requirement to share certain personal information (e.g. some diseases require mandatory notification)
  • During the course of providing medical services, through eTP, My Health Record

Only people who need to access your information will be able to do so. Other than in the course of providing medical services or as otherwise described in this policy, our practice will not share personal information with any third party without your consent.

Generic referrals via your consent in consult are set to use an automated template consisting of your name, address, contact details and the reasoning of the need for a referral. These referrals are sent electronically via Medial Objects or via fax from our staff or you may request a hard copy of your referral.

We will not share your personal information with anyone outside of Australia (unless under exceptional circumstances, permitted by law) without your consent

Our practice will not use your personal information for marketing of any goods or services directly to you without your consent. If you do not consent, you may opt out of direct marketing at any time by notifying our practice in writing.

How do we store and protect your personal information?

Our practice stores all personal information securely in electronic format (Best Practice). All computers used are to store personal information are password protected. A back up computer, located offsite is also password protected and secured in a locked cabinet. Documents and correspondence are scanned into electronic records, originals are then securely shredded. All staff and medical students sign and acknowledge a Privacy and Confidentiality agreement on commencement of their time with us to maintain the privacy and non-disclosure of all patient information, which is legally binding even after they cease employment with us.

How can you access and correct your personal information at our practice?

You have the right to request access to, and correction of, your personal information. Our practice acknowledges patients may request access to their medical records. We require you to put this request in writing and our practice will respond within 30 days. There will be a charge (to be advised) to print or transfer your files to cover the cost of printing and administration. The records will not be sent by email or other non-secure media. It can be posted by registered mail or faxed to the contact details you provide in written consent. Our practice will take reasonable steps to correct your personal information where the information is not accurate or up to date. We will ask regularly to verify your personal information held by our practice that it is correct and current. You may also request that we correct or update your information; such requests should be made in writing to the practice manager.

How can you lodge a privacy related complaint, and how will the complaint be handled at our practice?

We take complaints and concerns regarding privacy very seriously. You should express any privacy concerns you may have in writing. We will attempt to resolve it in accordance with our resolution procedure. Our contact details are:

Practice Manager, Grace Medical Skin & Vein Centre, 16 Princess Steet, Bundaberg East. QLD 4670

Phone: 07 4152 8667, Fax: 07 4153 5424, Email: office@gracemedical.net.au

We will respond within 30 days of writing.

You may also contact the Office of the Australian Information Commissioner (OAIC). Generally, the OIAC will require you give them time to respond before they will investigate.

For further information: www.oaic.gov.au or call the OAIC on 1300 336 002 or email: mailto:enquires@oaic.gov.au

Privacy and our website

Cookies are pieces of information that a website transfers to your computer’s hard disk for record keeping purposes, website usage statistics or to provide enhanced functionality on the site. Our cookies may do some or all of these depending on the page and it’s functionality.

Generally, information obtained by the cookies is de-identified and does not constitute personal information, but it may include the IP address of your computer. We may use this information for additional functionality or to analyse usage patterns You are ultimately in control of your browser’s dealing with cookies. Most browsers are by default set to accept cookies but have the capacity to block or delete them. If you do not wish to receive any cookies you should set your browser to refuse cookies. In some instances, this may mean you will to be able to take the full advantage or parts of the Grace Medical skin & Vein website

Email safety

We do not use encrypted email and cannot guarantee confidentiality of information sent by email. You are welcome to email your enquires, suggestions or concerns to improve our services. Emails are checked by non-medical staff daily. We will try to reply to your enquires as soon as possible, however, patients should not email for any urgent enquires. No medical advice will be given through email due to confidentiality reasons.

Review

This policy is reviewed on an annual basis, or more frequently in response to changes in legal or professional guidelines when applicable. The next review date will be, if not needed sooner, October 2022.