Pritchard Health Privacy and Confidentiality policy
(Current as of May 1, 2018)
Why and when your consent is necessary
When you register as a patient of a practitioner who provides their services at the Clinic, you provide consent for practitioners using the Clinic premises and staff at the Clinic to access and use your personal information, so they can provide you with the best possible healthcare. Only practitioners and staff at the Clinic who need to see or use your personal information will have access to it.
Why do we collect, use, hold and share your personal information?
Collection of your personal information is needed to provide healthcare services to you. The main purpose for collecting, using, holding and sharing your personal information is to manage your health. It is also used for directly related business activities, such as financial claims and payments, business audits and accreditation, and business processes (e.g. practitioner orientation and staff training).
What personal information do we collect?
The information that will be collected about you includes (but is not limited to) your:
name/s, date of birth, addresses, contact details
medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors
Medicare number (where available) for identification and claiming purposes
health fund details
Dealing with us anonymously
A patient has the right to be dealt with anonymously, provided that this is lawful and practical. However, in the health context, this is unlikely to be practical and may in some circumstances impact of the quality of care and treatment. All requests of this nature will be considered individually.
How do we collect your personal information?
Your personal information may be collected in several different ways:
When you make your first appointment at the Clinic, staff or a practitioner will collect your personal information via your registration form.
A collection statement is included in the patient registration form.
2. During the course of providing health care services, further personal information may be collected.
Information can also be collected through electronic transfer of prescriptions (eTP), electronic referral systems such as Referral Point (an Australian Government initiative) and electronic reports such as pathology reports.
Your personal information may also be collected when you visit the Clinic website, send the Clinic an email or SMS, telephone the Clinic or leave a voice mail message.
3. In some circumstances, personal information may also be collected from other sources. Often this is because it is not practical or reasonable to collect it from you directly. This may include information from:
your guardian or responsible person
other involved healthcare providers, such as specialists, allied health professionals, hospitals, community health services and pathology and diagnostic imaging services
your health fund, Medicare, or the Department of Veterans’ Affairs (as necessary).
When, why and with whom is your personal information shared?
Sometimes, your personal information may be shared:
with third parties who work with a practitioner who provides their services at the Clinic or staff at the Clinic for business purposes, such as accreditation agencies or information technology providers – these third parties are required to comply with Australian Privacy Principles (APPs)
with other healthcare providers and assistants, such as qualified healthcare interpreters
when it is required or authorised by law (e.g. court orders)
when it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent
to assist in locating a missing person
to establish, exercise or defend an equitable claim
for the purpose of confidential dispute resolution process
when there is a statutory requirement to share certain personal information (e.g. some diseases require mandatory notification)
during the course of providing health services and through electronic business processes such as, but not limited to, electronic prescription services, electronic referral systems and electronic claiming services.
Only people who need to access your information will be able to do so. Other than in the course of providing health services, or as otherwise described in this Policy, the Clinic will not share personal information with any third party without your consent.
The Clinic will not use your personal information for marketing any of our goods or services directly to you without your express consent. If you do consent, you may opt out of direct marketing at any time by notifying the Clinic in writing.
How do we store and protect your personal information?
Your personal information may be stored in various forms.
The Clinic keeps hard-copy and electronic records and takes all reasonable steps to protect the security of the personal information held against loss, unauthorised access, use, modification or disclosure, or other misuse.
Practitioners providing services at the Clinic and staff at the Clinic are required to keep hard-copy records in locked files and there are security processes in place regarding access to electronic records and data.
Electronic records and data are stored in specialist cloud-based, health care practice management software and on the Clinic based computer system. Cloud-based storage may be overseas, in the USA, in which case it will be held in a certified data center. Only those that the Clinic gives permission to can access electronic records and data.
It is necessary for the Clinic to keep patient information after a patient’s last attendance for as long as required by law or is prudent, having regard to administrative requirements.
The Clinic requires practitioners and staff to meet all confidentiality obligations.
How can you access and correct your personal information?
You have the right to request access to, and correction of your personal information.
The Clinic acknowledges patients may request access to their health records. We require you to put this request in writing and address your request to the practitioner you see at the Clinic. The Clinic will respond within a reasonable time and not longer than 30 days.
The Clinic will take reasonable steps to correct your personal information where the information is not accurate or up to date. From time to time, we will ask you to verify that your personal information held by the Clinic is correct and current.
You may also request that we correct or update your information, and you should make such requests in writing addressed to Pritchard Health Administration and either post it to 223 Roslyn Road Highton Victoria 3216, deliver it in person as a hard copy, or send your request as an email to firstname.lastname@example.org
How can you lodge a privacy-related complaint, and how will the complaint be handled at the Clinic?
We take complaints and concerns regarding privacy seriously. You should express any privacy concerns you may have in writing. We will then attempt to resolve it in accordance with our resolution procedure.
You should express such concerns or complaints in writing addressed to Pritchard Health Administration and either post it to 223 Roslyn Road Highton Victoria 3216 or send it as an email to email@example.com.
Should you have any questions about the process, you can call Pritchard Health on 03 4222 6165.
We will endeavour to acknowledge your complaint within 2 working days of receiving it. Where possible, a response to your complaint will be provided to you within 14 days of the date we acknowledge your complaint. Where this is not possible, due to the complexity of your complaint or other factors, we will keep you informed.
You may also contact the Office of the Australian Information Commissioner (OIAC), which administers the Privacy Act 1988 (Cth) and is able to assist individuals who have complaints regarding certain privacy issues.
Generally, the OAIC will require you to give them time to respond before they will investigate. For further information visit www.oaic.gov.au or call the OAIC on 1300 363 992.
Privacy and our website
The Clinic will not disclose information about your individual visits to our website or any of the personal information that you provide such as your name, telephone number or email address details to any outside parties without your consent, except when required by law to do so.
The Clinic will only record your email address if you send us a message. Your e-mail address will only be used or disclosed for the purpose for which you have provided it.
Policy review statement