




We are committed to protecting the privacy of patient information and to handling that personal information in accordance with the Privacy Act 1988, the Privacy Amendment Act 2012, the Australian Privacy Principles and relevant State and Territory privacy legislation (referred to as privacy legislation). This privacy policy explains how we collect, use and disclose your personal information, how you may access that information and how you may seek the correction of any information. It also explains how you make a complaint about a breach of privacy legislation.

This Privacy Policy is current from May 2014. From time to time we may make changes to our policy, processes and systems in relation to how we handle your personal information. We will update this Privacy Policy to reflect any changes. Those changes will be available in the practice and you may request to see any new changes that may not be in this document.

The Privacy Act 1988 requires medical practitioners to obtain consent from their patients to collect, use and disclose that patient’s personal information.


We will collect information that is necessary and relevant to provide you with medical care and treatment. Your Patient Health Record will include necessary information such as your name, address, date of birth, gender, health information, family history and contact details.

This enables the practice to have a summary of past medical history, current medications and clinical findings and an up-to-date management plan. Patient Health Records will be updated (as practicable) either during or shortly after consultations by the clinical staff making the entry.

Wherever practicable we will only collect information from you personally. However, we may also need to collect information from other sources such as treating specialists, radiologists, pathologists, hospitals and other health care providers.

We collect information in various ways, such as over the telephone or in writing, in person in our practice or over the internet if you transact with us online. This information may be collected by medical and non-medical staff. We may be required by law to retain medical records for certain periods of time depending on your age at the time we provide services, i.e. for 7 years since your last visit or if under 18 years, until the age of 25 or 7 years since your last visit, whichever is the greater.




We will treat your personal information as strictly private and confidential. We will only use or disclose it for purposes directly related to your care and treatment, or in ways that you would reasonably expect that we may use it for your ongoing care and treatment. For example, the disclosure of blood test results to your specialist or requests for x-rays. 

Referrals to specialists or the like are amended by GPs and prepopulated accordingly so that only relevant information can be electronically distributed.

Consent to Audio/Visual & Electronic Recording forms are available when required and are stored in patient records.

There are circumstances where we may be permitted or required by law to disclose your personal information to third parties. For example, to Medicare, Police, Insurers, Solicitors, Government regulatory bodies, tribunals, courts of law, hospitals or debt collection agents. We may also from time to time provide statistical data to third parties for research purposes.

We may disclose information about you to outside contractors to carry out activities on our behalf, such as an IT service provider, solicitor or debt collection agent. We impose security and confidentiality requirements on how they handle your personal information. Outside contractors are required not to use information about you for any purpose except for those activities we have asked them to perform.



We will take reasonable steps to ensure that your personal information is accurate, complete, up to date and relevant. For this purpose our staff may ask you to confirm that your contact details are correct when you attend a consultation. We request that you let us know if any of the information that we hold about you is incorrect or out of date.

Personal information that we hold is protected by up-to-date computer security devices and programs, and by passwords and varying access levels on databases, which limit access and protect electronic information from unauthorised interference, access, modification and disclosure. It is stored behind reception, without access to the general public.



You are entitled to request access to your medical records. We ask you to put your request in writing and we will respond to it within a reasonable time. There may be a fee for the administrative costs of retrieving and providing you with copies of your medical records. We may deny access to your medical records in certain circumstances permitted by law, for example if disclosure may cause a serious threat to your health or safety. We will always tell you why access is denied and the options you have to respond to our decision.



If you have a complaint about the privacy of your personal information, we request that you contact us in writing. Upon receipt of a complaint we will consider the details and attempt to resolve it in accordance with our complaints handling procedures. If you are dissatisfied with our handling of a complaint or the outcome, you may make an application to the Australian Information Commissioner or the Privacy Commissioner on 1300 363 992.



We will not transfer your personal information to an overseas recipient unless we have your consent or we are required by law to do so.



Please direct any queries, complaints or requests for access to medical records to:


Our reception staff

Ph (08) 9964 4740 or (08) 9921 6099 or Fax (08) 9964 3410


Or in writing to

Dr Kim Pedlow

Victoria District Medical Centre

151 Durlacher Street, Geraldton WA 6530


Summary of the National Privacy Principles

Principle 1 – Collection

An organisation is prohibited from collecting personal information unless the information is necessary for one or more of its functions. An organisation must not collect personal information other than in a lawful, fair and not unreasonably obtrusive way and must disclose certain information at or before the time it collects personal information, including its identity and the purpose for which the information is collected. Additionally (subject to some exceptions) organisations should only collect personal information about individuals from the individuals themselves.

Principle 2 – Use and Disclosure

Subject to some exceptions, an organisation is prohibited from using or disclosing personal information for a purpose other than the primary purpose for which it was collected. Exceptions include:


  1. where the individual has consented;

  2. where the secondary purpose for which the personal information will be used is related to the primary purpose and a person would reasonably expect the personal information to be used or disclosed in that way; and

  3. the use of non-sensitive personal information in direct marketing, subject to conditions, (which include a right for the individual to opt-out of further direct marketing after the first contact).

Principle 3 – Data quality

An organisation must take reasonable steps to ensure the accuracy and currency of personal information in its possession.

Principle 4 – Data security

An organisation must take reasonable steps to secure the personal information in its possession from misuse and loss and from unauthorised access, modification or disclosure, and must destroy or de-identify the information if it is no longer needed.

Principle 5 – Openness

An organisation must have documented and accessible policies with regard to the management of personal information and must also inform a person, upon request, of the sort of personal information that it holds, the purposes for which it is held and how the information is collected, held, used and disclosed.

Principle 6 - Access and correction

An organisation must provide individuals with access to personal information held about the individual, other than in exceptional circumstances, and incorporate processes for the correction of the information on the request of the individual, or if there is some disagreement as to the correction, allow a statement to be associated with the information noting that the individual desires a correction.

Principle 7 - Identifiers

In general terms there is a prohibition on the use by organisations for their own purposes of identifiers assigned by Government agencies (such as tax file numbers, and Medicare numbers).

Principle 8 - Anonymity

Unless unlawful or impractical, individuals must be given the option of not identifying themselves when transacting with an organisation.

Principle 9 - Transborder data flows

Essentially this principle applies to transfers of information outside Australia, the intention being that effective privacy protection must be ensured in respect of such transfers, subject to limited exceptions, including where the individual has consented or where there is evidence of reasonable steps undertaken by the organisation to ensure that any information transferred will not be held, used or disclosed inconsistently with the NPPs.

Principle 10 - Sensitive information

Other than in exceptional circumstances, an organisation is not permitted to collect sensitive information, defined to mean information or an opinion (which is also personal information, as defined) about an individual's racial or ethnic origin; political opinion; membership of a political association; religious beliefs or affiliation; philosophical beliefs; membership of a professional or trade association; membership of a trade union; sexual preferences or practices; criminal record; or health. Exceptional circumstances include where the individual has consented or where the collection is necessary for the protection of an individual who is physically incapable of giving or communicating consent.

For more information on the National Privacy Principles, see the National Privacy Principles guidelines, issued by the Office of the Federal Privacy Commissioner. The full text of the NPPs can be found at the Federal Privacy Commissioner's website:

Privacy Policy Review Annually. 
