Privacy Policy

Privacy Policy

Purpose

To ensure patients who receive care from the Practice are comfortable in entrusting their health information to the Practice. This policy provides information to patients as to how their personal information (which includes their health information) is collected and used within the Practice, and the circumstances in which we may disclose it to third parties.

Background and rationale

The APP provide a privacy protection framework that supports the rights and obligations of collecting, holding, using, accessing and correcting personal information. The APP consist of 13 principle-based laws and apply equally to paper-based and digital environments. The APP complement the long-standing general practice obligation to manage personal information in a regulated, open and transparent manner.

This policy will guide Practice staff in meeting these legal obligations. It also details to patients how the Practice uses their personal information. The policy must be made available to patients upon request.

Practice procedure

The Practice will:

  • provide a copy of this policy upon request
  • ensure staff comply with the APP and deal appropriately with inquiries or concerns
  • take such steps as are reasonable in the circumstances to implement practices, procedures and systems to ensure compliance with the APP and deal with inquiries or complaints
  • collect personal information for the primary purpose of managing a patient’s healthcare and for financial claims and payments.

Staff responsibility

The Practice’s staff will take reasonable steps to ensure patients understand:

  • what information has been and is being collected
  • why the information is being collected, and whether this is due to a legal requirement
  • how the information will be used or disclosed
  • why and when their consent is necessary
  • the Practice’s procedures for access and correction of information, and responding to complaints of information breaches, including by providing this policy.

 

Patient consent

The Practice will only interpret and apply a patient’s consent for the primary purpose for which it was provided. The Practice staff must seek additional consent from the patient if the personal information collected may be used for any other purpose, which is on our new patient form.

Use and disclosure of information

Personal information will only be used for the purpose of providing medical services and for claims and payments, unless otherwise consented to. Some disclosure may occur to third parties engaged by or for the Practice for business purposes, such as accreditation or for the provision of information technology. These third parties are required to comply with this policy. The Practice will inform the patient where there is a statutory requirement to disclose certain personal information (for example, some diseases require mandatory notification).

The Practice will not disclose personal information to any third party other than in the course of providing medical services, without full disclosure to the patient or the recipient, the reason for the information transfer and full consent from the patient. The Practice will not disclose personal information to anyone outside Australia without need and without patient consent.

Exceptions to disclose without patient consent are where the information is:

  • required by law
  • necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent
  • to assist in locating a missing person
  • to establish, exercise or defend an equitable claim
  • for the purpose of a confidential dispute resolution process.

The Practice will not use any personal information in relation to direct marketing to a patient without that patient’s express consent. Patients may opt-out of direct marketing at any time by notifying the Practice in a letter or email.

The Practice evaluates all unsolicited information it receives to decide if it should be kept, acted on or destroyed.

What information is collected?

At Ladywood Clinic we collect your personal information regarding your demographic, social and physical details.

The personal information collected will include, but is not limited to:

  • Your full name
  • Date of Birth
  • Address
  • Telephone Number
  • Medicare Number
  • Next of Kin and Emergency Contact names and numbers
  • Health Care Fund
  • cultural background
  • Occupation

We also collect information related to your health care needs. This information may include:

  • reports from specialist health care providers
  • Blood & x-ray and other investigation reports and all other correspondence that it addressed to your doctor and arrives via mail, fax or electronic means.
  • Current Drugs/Medication or treatment used by patient
  • Current and Previous medical history, including where clinically relevant, family medical history
  • The Name of any health service provider or medical specialist to which the patient is referred
  • Copies of any letter of referrals and any reports relating to the patient

Your doctor also keeps a media file which he creates over your time as our patient. The doctor updates this file with your medical history, past illnesses and diagnosis, past treatment plans and their outcomes.

This practice is bound by the Federal Privacy Act (1988) and National Privacy Principles, and also complies with the Health Records and Information Privacy Act NSW 2002 when handling your personal information

Why information is collected?

Your information is collected to enable our Doctors and Staff to coordinate and manage your primary health care.

How the practice maintains the security of information held at the practice?

Your file is kept on a security data base in a dedicated clinical patient administration system on premises. There are multiple security applications protecting this electronic information.

All non-electronic information that we received is transferred into electronic format and destroyed through a security contractor.

The range of people within the practice team (eg. GPs, general practice nurses, general practice registrars and allied health professionals), who may have access to patient health records and the scope of that access.

The practice delegates various levels of authority to GP’s, Allied Health, Practice Managers and Administrators. This level of authority represents the individual’s requirements to execute their specific task and provide quality health care services.

The procedures for patients to gain access to their own health information on request

Patients are able to access their own health information on request by filling out Request for Personal Health Information form available at reception.

The way the practice gains patient consent before disclosing their personal health information to third parties.

Ladywood Clinic may release your personal information to third parties only when it relevant to your clinical and health care management.

Patient consent for the transfer of health information to other providers or agencies is obtained on the first visit.

The process of providing health information to another medical practice at the patients request .

Patients are able to request that their medical records are made available in a format that can be transferred to another practice. Patients are able to complete the ‘Request for Medical Records Transfer form’ for this to occur.

Ladywood Clinic charges $50 administration fee for this service.

The use of patient health information for quality assurance, research and professional development.

The practice from time to time may use your personal information for internal quality improvement, training and professional development for Health Care Staff. The practice does not release your personal information to third parties for these purposes.

The procedures for informing new patients about privacy arrangements.

The practice has a privacy poster on the notice board and available on their web site. Patients are encourage to read these disclosures when joining the practice.

The way the practice addresses complaints about privacy related matters.

Patients are able to forward complaints orally or written. The practice will document and investigate your complaint. The practice can address complaints about privacy related matters by recording the complaint and ensuring that systems that led to these circumstances occurring are reviewed and adjusted. Information and Authority complaints forms to the Health Services Commissioner are available from our reception.

The practice’s policy for retaining patient health records.

The practice retains your health records for 7 years after your last visit. These are electronic records only. After this time the records are destroyed.

What to do if you believe the information we hold about you is inaccurate

If you believe that any information that we hold about you is inaccurate or out of date, please contact us and we will review the relevant information

 

 

Ladywood Clinic: Collection Statement

 

Ladywood Clinic collects personal information to enable our Doctors and Staff to coordinate and manage your primary health care. Patients are able to access their own health information on request by filling out Request for Personal Health Information form available at reception.

Some information is required to be collected by law. Under the Health (Infectious Diseases) Regulations 2001, Medical Practitioners are to report specified infectious diseases to the Department of Human services.

Ladywood Clinic may release your personal information to third parties only when it relevant to your clinical and health care management. These third parties may be specialist doctors, diagnostic services and health care organizations involved in your treatment. Please note that withholding information which is requested from you may reduce the level of care that you received from our practice and from third parties involved in your treatment.

Prior to a patient signing consent to the release of their health information, patients are made aware they can request a full copy of our privacy policy and collection statement.

Patient consent for the transfer of health information to other providers or agencies is obtained on the first visit.

Ladywood Clinic aims to meet all privacy and personal information legislation and protocols. This practice is bound by the Federal Privacy Act (1988) and National Privacy Principles, and also complies with the Health Records and Information Privacy Act NSW 2002 when handling your personal information. We store your personal information in a secure electronic format and only designated individuals involved in your care have access to it.

Related resources

Royal Australian College of General Practitioners 

RACGP: Handbook for the management of health information in general practice
RACGP privacy policy: Managing patient health information
Australian Privacy Principles: Privacy fact sheet 17
Australian Information Commissioner : Telephone 1300.363.992