Privacy Policy

Practice Privacy Policy

We are committed to protecting the privacy of patient information and to handling your personal information in a responsible manner in accordance with the Privacy Act 1988 (Cth), the Privacy Amendment (Enhancing Privacy Protection) Act 2012, the Australian Privacy Principles (APP) and relevant State and Territory privacy legislation.

This Privacy Policy explains how we collect, use and disclose your personal information, how you may access that information and how you may seek the correction of any information.

Our policy informs you whether we are likely to disclose personal information to overseas recipients, and if so, the countries in which such recipients are likely to be located if it is practicable to specify those countries.

It also explains how you may make a complaint about a breach of privacy legislation. This Privacy Policy is current from May 2020. From time to time we may make changes to our policy, processes and systems in relation to how we handle your personal information.

Your Privacy Is Our Business

The Federal Privacy Act incorporates thirteen Australian Privacy Principles (APPs) that set out the rules for the handling of personal information in the private sector. In the interests of providing quality health care, this practice has developed a privacy policy that complies with privacy legislation and the APPs.

APP 1 Open and Transparent Management of Personal Information
Our practice has made this and other material available to you to inform you of our policies on management of personal information. On request, our practice will let you know, generally, what sort of personal information we hold, for what purposes, and how we collect, hold, use and disclose that information.


APP 2 Anonymity and Pseudonymity
You have a right to be dealt with anonymously or by using a pseudonym, provided this is lawful and practicable. However, in the medical context this is not likely to be practicable or possible for Medicare and insurance rebate purposes. It could also be dangerous to your health.

APP 3 Collection of Solicited Personal Information
It is necessary for us to collect personal information from patients and sometimes from others associated with their health care in order to attend to the patient’s health needs and for associated administrative purposes. ‘Personal information’ is any information recorded about a person where their identity is known or could be reasonably worked out. We will be fair in the way we collect information about our patients. This information is generally collected directly from our patients, but from time to time we may receive patient information from other sources including, but not limited to, other healthcare practitioners and healthcare services. When this occurs we will, wherever possible, make sure you know we have received this information. Personal information also includes clinical imaging and web log files. If you are unwilling to provide any of the information we request, please discuss it with us. In certain circumstances this may require you to seek professional services elsewhere and not from us.
Health information is ‘sensitive information’ for the purposes of privacy legislation. This means that generally your consent will be sought to collect such health information that is necessary to make an accurate medical diagnosis, prescribe appropriate treatment and to be proactive in your health care.


APP 4 Dealing with Unsolicited Personal Information
If our practice receives unsolicited personal information we will determine, within a reasonable period after receiving the information, whether or not we could have collected the information under APP 3 — as if we had solicited the information. For instance, our practice often receives unsolicited personal information in the form of referrals directly from referring medical practitioners. We will assess the information to ensure it is addressed to our practice and/or one of our medical practitioners — if this is the case, the personal information will be treated as if we had solicited the information.
We may use or disclose the personal information for the purposes of making the determination. If we determine that we could not have collected the personal information under APP 3 (for example, the information is addressed to the wrong practice or medical practitioner) and the information is not contained in a Commonwealth record, we will, as soon as practicable and where it is lawful and reasonable to do so, destroy the information or ensure that it is de-identified.


APP 5 Notification of the Collection of Personal Information
At or before the time we collect personal information from an individual or, if that is not practicable, as soon as practicable after, our practice will notify that individual of, or make them aware of, our privacy policy.


APP 6 Use and Disclosure
A patient’s personal health information is used (i.e. by our practice) or disclosed (i.e. to others) for purposes directly related to their health care and in ways that are consistent with patients’ expectations (the primary purpose). In the interests of the highest quality and continuity of health care, this may include sharing information with other healthcare providers who comprise a patient’s medical team from time to time. In addition, there are circumstances when information will be disclosed without patient consent such as:
• Emergency situations;
• When required or authorised by or under an Australian law or a court/tribunal order;
• By law, doctors are sometimes required to disclose information for public interest reasons (e.g. mandatory reporting of some communicable diseases);
• It may be necessary to disclose information about a patient to fulfil a medical indemnity insurance obligation and medical defence purposes;
• Provision of information to Medicare or private health funds, if relevant, for billing and medical rebate purposes;
• To credit agencies and debt collection agencies in the event of default on bill payment after fair warning;
• A patient’s involvement in unlawful activity.

In general, a patient’s health information will not be used for any other purpose without their consent.
There are some necessary purposes of collection for which information will be used beyond providing health care (the secondary purpose), such as professional accreditation, quality assessments, clinical audit, billing, patient satisfaction surveys and so forth.
The doctors of our practice use shared patient files and therefore all patient records collected at this practice will be available to any medical practitioner you see at this practice.


APP 7 Direct Marketing
Direct marketing involves the promotion of goods or services directly to patients, for example advertising via post, email, and SMS.
Where our practice collects personal information directly from an individual, it may use or disclose that information (other than sensitive information) for the purpose of direct marketing if:
• the individual would reasonably expect our practice to use or disclose the information for the purpose of direct marketing; and
• our practice provides a simple way of opting out of direct marketing; and
• the individual has not already requested to opt out of direct marketing from our practice.

Individuals may request that our practice provide its source of their information. If such a request is made, our practice must notify the individual of its source without any charge within a reasonable period of time, unless it is impracticable or unreasonable to do so.

Related Commonwealth laws such as the Spam Act 2003, the Freedom of Information Act 1982 and the Do Not Call Register Act 2006 apply.

If an individual’s mobile number and/or email address has been provided to our practice, these may also be used as a method of electronic communication, such as providing SMS/email appointment reminders, newsletters and so forth. You may request to opt out of this method of communication at any time.

We do not disclose personal information to third parties for the purposes of any direct marketing by them.

APP 8 Cross-border Disclosure of Personal Information
An individual’s privacy is protected Australia wide by privacy laws. We will take steps to protect patient privacy if information is to be sent interstate or outside Australia. Our practice will not disclose personal information to recipients overseas without that individual’s consent.
Our practice primarily stores and retains a patient’s personal and health information in electronic form in a cloud environment through our IT provider. Our IT provider is compliant with the Australian Privacy Principles, including ensuring all information is secured by the physical security of purpose-built Australian-based data-centres, and their IT security systems.
Our IT provider holds your information as a ‘de-identified’ data-set and does not hold any rights, intention, or facility to access, classify or use that data for any reason other than secure custodianship.
Our IT provider will not provide your information to an external party without your express written permission (other than that lawfully required by Australian Government or Law Enforcement Organisations).
Our practice may also choose to store and retain a patient’s personal/health information in hard copy and/or electronically either on site or with our secure Perth-based document archive storage provider.

APP 9 Adoption, use or disclosure of Government Related Identifiers
These are the numbers, letters or symbols that are used to identify you with or without the use of a name (e.g. Medicare/DVA numbers). We will limit the use of identifiers assigned to you by Commonwealth Government agencies to those uses necessary to fulfil our obligations to those agencies.

APP 10 Quality of Personal Information
Our practice will take such steps as are reasonable to ensure that the personal information that it collects, uses and discloses is accurate, up-to-date, complete and relevant.

APP 11 Security of Personal Information
The storage, use and, where necessary, transfer of personal health information will be undertaken in a secure manner that protects patient privacy. It is necessary for medical practices to keep patient information after a patient’s last attendance for as long as is required by law or is prudent having regard to administrative requirements.

APP 12 Access to Personal information
You may request access to your personal health information held by this practice. While not required to give reasons for your request, you may be asked to clarify the scope of the request:
• Where such a request is made, strict identification criteria are used so that information is not mistakenly disclosed.
• There are some circumstances in which access is restricted, and in these cases reasons for denying access will be explained.
• A charge may be payable when the practice incurs costs in providing access.
• The material in which the doctor has copyright might be subject to conditions that prevent further copying or publication without the doctor’s permission.

This practice acknowledges the right of children to privacy of their health information. Based on the professional judgment of the doctor and consistent with the law, it might at times be necessary to restrict access to personal health information by parents or guardians.
• Upon your request, your health information held by this practice will be made available to another health service provider.

APP 13 Correction of Personal Information
Our practice will take all reasonable steps to amend or correct any personal information held that is not accurate, complete or up-to-date. If our practice corrects personal information about an individual that we have previously disclosed to another party and the individual requests that we notify the other party of the correction, we will take such steps (if any) as are reasonable in the circumstances to give that notification unless it is impracticable or unlawful to do so.
If you and our practice disagree about whether your information is accurate, complete and up-to-date, you may request that our practice associate the information with a statement claiming that the information is not accurate, complete or up-to-date.
Our practice will provide reasons for denial of access or a refusal to correct personal information.


Further Information
It is important to us that your expectations about the way in which we handle your information are the same as ours. You should feel free to discuss any concerns, questions or complaints about any issues related to the privacy of your personal information with us. If you believe a privacy breach has occurred, please email or write to:
Practice Manager
106 Outram Street
West Perth WA 6005

In dealing with your complaint, we will communicate time frames to you based on the nature and complexity of your concern and will do our utmost to adhere to these.
If you are dissatisfied with our response to your privacy complaint, please contact the Office of the Australian Information Commissioner (OAIC) for further advice by telephone (1300 363 992) or by visiting their website (www.oaic.gov.au).

Use of Third-Party Medical Services or Tools
Our practice may use third-party websites, products and services to enhance our patients’ experience. Our practice may also use or offer products or services from third parties. Information collected by third parties, which may include such things as location data, contact details, or clinical imaging you have provided or consented to our practice using, is governed by their privacy practices.
We encourage you to learn about the privacy practices of those third parties.
