Your privacy

SECURITY OF INFORMATION IN THE PRACTICE:

This Practice will ensure that your personal information will be kept private by only allowing access by authorised staff with password protection. All Doctors and staff are required to adhere to the Practice’s Computer & Internet policy, to maintain the integrity of our data. We will also ensure the system back-ups are kept safe and away from unauthorised contact.

 

WHAT OTHER RIGHTS DO I HAVE?

You generally have a right to access and correct your health information. For more information about these rights, please see Privacy fact sheet 50: Accessing and correcting your health information.
You generally have a right to not identify yourself, or to use a pseudonym. For example, when using phone counselling services on sensitive issues such as gambling addiction, or attending sexual health clinics. However, a provider does not have to accommodate this when it is impractical to do so, or if they are required by law to identify you (for example, treating a condition which requires mandatory reporting).

 

From the Office of the Australian Information Commissioner

You have the right to make a complaint if you believe a provider has not handled your health information properly. You should talk to your provider first, and give them an adequate opportunity to deal with the complaint (usually 30 days). A provider cannot charge you for making a complaint, and their privacy policy must explain how you can complain to them. If you are not satisfied with their response, you can complain to us.

HEALTH INFORMATION AND YOUR PRIVACY

When you visit one of our doctors or other health service, they may need to ask for health information about you. Australian privacy law governs how your GP can collect, use and share your health information. It also requires them to protect, correct and give you access to your health information. So please take a moment to read this fact sheet and understand the rules and responsibilities in place to protect your health information.

 

WHAT IS MY ‘HEALTH INFORMATION’?

Health information includes information about your health or a disability. It also includes any personal information collected while you are receiving a health service. This means that information such as your name, billing details, your Medicare number, or personal details about your race, sexuality or religion, may also be considered ‘health information’ in this context. Health information is sensitive information and the Privacy Act1 places rules and restrictions as to how health service providers must manage it.

 

WHAT IS A ‘HEALTH SERVICE PROVIDER’?

As you might expect, common examples of health service providers include doctors, pharmacists, dentists, private hospitals and nurses. What you may not know is that allied services — such as counsellors, psychologists, chiropractors, disability services, physiotherapists, naturopaths, masseurs, gyms, weight loss clinics, child care centres and private schools – are also ‘health service providers’ in the context of collecting health information, and are bound by the same rules.

For further information

GPO Box 5218 Sydney NSW 2001 | P 1300 363 992 | E enquiries@oaic.gov.au
Or visit our website www.oaic.gov.au
The information provided in this resource is of a general nature. It is not a substitute for legal advice.

WHEN WILL MY GP COLLECT MY HEALTH INFORMATION?

Generally, our GPs will only collect your health information when you consent; should only collect it directly from you; and should only collect information when we need to carry out a service to you. Your consent to collection should be explicitly given, although there may be times where your consent can be assumed. For example, your doctor would normally make notes of symptoms during an appointment, so your consent to do so is implied unless you ask them not to. In some situations, our doctors may not need your consent, such as in an emergency. For example, if you were unconscious and required urgent treatment, information about you could be collected from your family or doctor without your consent.

 

WHAT DOES MY GP NEED TO TELL ME ABOUT MY PRIVACY?

Your doctor should ensure you understand why they are collecting your health information, how they will store and protect it, and if there are other parties they may disclose it to. They can tell you this verbally or in writing. It is common practice to provide it to you with a written notice on forms you fill out. All health service providers are required to have a privacy policy outlining how they handle health information.

 

HOW WILL A GP USE MY HEALTH INFORMATION? CAN THEY SHARE IT WITH OTHER PARTIES?

A provider can use and share your health information for the purpose for which they collected it, or for a directly related purpose you would reasonably expect. For example, a GP collects your health information to diagnose and treat you. They then use this information to bill you for the services provided – this activity is directly related and you would expect them to do so.
Similarly, if a GP needs to refer you to a physiotherapist for broken leg muscle strain, you would expect them to provide details and history relevant to that injury, but you may not expect them to provide details of your appendicitis five years earlier. Providers can also use or share your health information for any other purpose if you consent. So, if your GP knows an excellent trainer for people recovering from arm injuries they can provide your details to them, if you agree. A provider can only use and/or share your health information for direct marketing purposes if you have consented to them doing so, and you can ask them (or any other organisation they have given your details to), to stop sending you communications if you change your mind.

 

COLLECTION OF PERSONAL INFORMATION:

Our Practice will need to collect your personal health information for the provision of clinical services. Your Doctor will need medical information including past medical history, medications, allergies, adverse events, immunisations, social & family history and risk factors. This can be discussed with your Doctor in private. Collection of personal information will include name, address and contact details, Medicare numbers & health identifiers. If you are visiting the Practice for the first time, you can choose to complete a form for this information.
In some circumstances, this information may be collected from a patient’s guardian or responsible person, or from any other involved healthcare specialist. The Practice holds all personal information securely, whether in electronic format, in protected information systems or in hard copy format in a secured environment.

 

USE AND DISCLOSURE OF PERSONAL INFORMATION:

Personal information will only be used for the purpose of providing medical services and for claims and payments, unless otherwise consented to.
The Practice will not disclose personal information to any third party other than in the course of providing medical services, without full disclosure to the patient or the recipient, the reason for the information transfer and full consent from the patient. Some disclosure may occur to third parties engaged by or for the Practice for business purposes, such as accreditation or for the provision of information technology. These parties are required to comply with this policy.
Your Doctor may be legally obliged to disclose the information e.g. mandatory notification of certain infectious diseases, suspected child abuse or a subpoena or court order.
The Practice will not disclose personal information to anyone outside of Australia without patient consent. The Practice has recall systems in place for chronic disease management, Pap smear and health reminders etc. Patients who do not wish to receive these should notify their Doctor or Nurse.