Protecting the privacy of your personal information
Any reference in this document to “Panaceum Group” or “Practice” includes any healthcare organisation operated by the Panaceum Group.
This Policy will be reviewed from time to time to take account of new laws and technology, changes to our operations and other necessary developments. Updates will be publicised on the practice’s website and waiting room.
It is necessary for us to collect personal information from patients and sometimes others associated with their health care in order to attend to their health needs and for associated administrative purposes. We will give patients a registration form with a consent to collect, use store and share information on their first visit and at any time for a patient to update.
During the course of providing medical services, we may collect further personal information. This can be from other health care providers, discharge notifications, health funds, Department of Health, electronic transfer of prescriptions (eTP), My Health Record, (e.g. via Shared Health Summary, Event Summaries).
We may also collect information from your communication with us, through our website, SMS, telephone, social media and online appointments.
The information we will collect about a patient can include:
- Names, date of birth, addresses, contact details, and contact details for emergency contacts, ethnicity,
- Medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors,
- Medicare number (where available) for identification and claiming purposes,
- Healthcare identifiers,
- Health fund details.
Use and Disclosure
A patient’s personal health information is used or disclosed for purposes directly related to their health care, and in ways that are consistent with a patient’s expectations. Patient’s information is accessible for use as described in this policy at all above mentioned practice locations. Once collected, the practice staff will use and disclose information for the purposes of: Management of our practice, account keeping and billing purposes, quality assurance, practice accreditation and complaint handling, notifications to medical defence organisations or insurers. Health care providers will use and disclose your information to communicate with other health professionals, hospitals, pathologists and diagnostic services. Communicate with pharmacies including using a prescription exchange service. Provide reminder/recall notices for treatment and preventative healthcare.
In the interests of the highest quality and continuity of health care this practice participates in sending health information to health registries such as national cancer screening register for bowel and cervical cancer screening, Australian Immunisation Register (AIR) etc. This practice sends de-identified data to third parties for the use of practice and national quality improvement activities. Patients are informed of this through our consent to collect, use store and share information form and are free to opt out of these registers and data improvement activities. Speak to practice staff for further information.
There are circumstances when information has to be disclosed without patient consent, such as to prevent or lessen a serious threat to an individual’s life, health or safety; and where legally required to do so, such as producing records to court, medical indemnity insurance obligation, mandatory reporting of child abuse or the notification of diagnosis of certain communicable diseases, medical indemnity insurance obligation.
We will use all the provided patient contact details where necessary to assist with communication relating to direct health care including:
- Clinical Communications (Recalls for tests results etc.)
- Preventative/ clinical health reminders (Blood tests, immunisations, CST reminders)
- Appointment reminders or changes
To the extent practical we will use a patient’s preferred method of contact. The practice will determine with reference to the sensitivity and urgency of the matter which method of communication use.
This practice will send Health awareness information to those patients that have provided consent. This is carefully selected information, communicating such things as seasonal practice open times, influenza vaccine release dates, and health awareness campaigns. A patient can opt in or out of this service at any time.
We can use third party service providers who comply with the Privacy Act 1988 to provide technology assistance with communications and online booking. We currently utilise HotDoc Online Pty Ltd as our communication platform. This will require the controlled and reasonable disclosure of personal and health information, Patients have the ability to opt-out via a welcome email and with the practice and at any time. It is important to note that opting out of third party communications does not opt the patient out from receiving clinical communications and health reminders, by alternative means.
We will also use a patients SMS details to remind them of appointments and appointment changes. A patient can opt in and out at any time, in writing or verbally, with a Panaceum Group staff member.
All patient information held by this practice relevant to the functions of providing health care will be maintained in a form that is accurate, complete and up to date.
The storage, use, and where necessary, transfer of personal health information will be undertaken in a secure manner that protects patient privacy. It is necessary for the practice to keep patient information after a patient’s last attendance for as long as is required by law (7 years or until a minor turns 25 years) or is prudent having regard to administrative requirements. Data will only be accessible to authorised personnel involved in patient care or administration of that care. Any data to go to a third party will be discussed with the patient involved and the patients consent will be obtained and documented except in the exceptional circumstances as listed above in ‘use and disclosure”.
Notifiable Data Breaches Scheme. If a breach of personal information (data) occurs in our practice, we must notify the individuals involved and the Office of the Australian Information Commissioner (OAIC).
This is known as the Notifiable Data Breaches scheme. We must notify the individuals involved and the OAIC if personal information is lost; accessed by an unauthorised person or disclosed to an unauthorised person; and this is likely to result in serious harm to someone; and we can’t take steps to prevent the risk of serious harm.
This practice has made this and other material available to patients to inform them of our policies on the management of personal information. On request this practice will, generally, let patients know what sort of personal information we hold, and for what purposes, and how we collect, hold, use and disclose that information.
Access and Correction
Patients may request access to their personal health information held by this practice or its transfer to another health provider. All requests for access to personal health information will need to be made in writing. The Practice Privacy Officer or the patients normal GP will review and manage the request and will respond to the request within 30 days. A designated form is available for patients to use to request access to personal health information.
This practice acknowledges the right of children and young people to privacy of their health information. Based on the professional judgement of the doctor and consistent with the law, it might be necessary at times to restrict access to personal health information by parents or guardians.
The practice encourages patients to ensure that information held is accurate and up to date and to amend any information that is inaccurate. A charge may be payable where the practice incurs a cost in providing access. This is for administrative costs such as photocopying, etc. Where access is restricted or denied, the reason for this will be explained to the patient by their regular GP.
These are numbers or symbols that are used to identify patients with or without using a name, e.g. Medicare or DVA numbers. The practice will limit the use of identifiers assigned by other agencies to those uses necessary to fulfil our obligations to those agencies e.g. Medicare claims.
A patient has the right to be dealt with anonymously, provided that this is lawful and practical.
However, in the health context this is unlikely to be practical and may in some circumstances impact of the quality of care and treatment. All requests of this nature will be referred to the practice Privacy Officer.
Trans Border Data Flows
The individual’s privacy is protected by federal privacy legislation and relevant state laws. This practice does not send data/information to locations outside of Australia. Any information to be sent overseas would be done with express permission.
Health information is sensitive information for the purposes of the privacy legislation. This means that generally patients’ consent will be sought to collect the information that is needed to make an accurate medical diagnosis, prescribe appropriate treatment and to be proactive in patient health care. We use a consent to collect, use store and share information .This is given to patients at the first visit and at any other time for updating. For further information you can speak to the Privacy Officer; which is our Practice Manager on the premises.
The best way to deal effectively with concerns and complaints is to communicate openly and respectfully. This often reduces the likelihood of the problem escalating and becoming more difficult to deal with.
This practice recognises the right of patients to raise their concerns about privacy and confidentiality. Patients are asked to contact the Practice Privacy Officer or their treating GP if they have any concerns regarding the collection, use or disclosure of their personal health information. We will endeavour to acknowledge your complaint within 2 working days of receiving it. Where possible, a response to your complaint will be provided to you within 14 days of the date we acknowledge your complaint. Where this is not possible, due to the complexity of your complaint or other factors, we will keep you informed.
The Panaceum Group: 233 Lester Avenue, Geraldton WA 6530, 08 9920 8111
Office of the Australian Information Commissioner: 1300 363 992