Background and Rationale
We are committed to protecting the privacy of patient information and to handling your personal information in a responsible manner in accordance with the Australian Privacy Principles (APP) and associated Federal and State Privacy Legislation. The APP complement the long-standing General Practice obligation to manage personal information in a regulated, open and transparent manner.
The Practice’s staff will take reasonable steps to ensure patients understand what information is being collected, why the information is being collected, how it will be used or disclosed, why and when their consent is necessary, the Practice’s procedures for access to and correction of information, and responding to complaints of information breaches.
The Practice will only interpret and apply a patient’s consent for the primary purpose for which it was provided. The Practice staff must seek additional consent from the patient if the personal information collected may be used for any other purpose.
Collection of Information
The Practice will need to collect personal information for the provision of clinical services to a patient and for claiming purposes at the practice. Collected personal information may include patients’ names, addresses, date of birth, gender, ethnicity, religion, contact details, Medicare number and Healthcare Identifiers (where available), and credit card / debit card details.
We also carefully collect medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors.
We collect information in various ways, such as over the phone or in writing, in person in our clinic or over the internet if you transact with us online. This information may be collected by medical and non-medical staff.
A patient’s personal information may be held at the Practice as paper records, as electronic records or as visual records – x-rays, CT scans, videos and photos.
Information is first collected via registration when patients present to the Practice for the first time. Patients are encouraged to pay attention to the collection statement within the form and information about the management of collected information and patient privacy. Further information is obtained by the Practice’s healthcare practitioners during the course of providing medical services. In addition, personal information may also be collected from the patient’s guardian or responsible person (where practicable and necessary), or from any other involved healthcare specialists.
Use and Disclosure of Information
We will treat your personal information as strictly private and confidential. Personal information will only be used for the purpose of providing medical services and for claims and payments, unless otherwise consented to. Some disclosure may occur to third parties engaged by or for the Practice for business purposes, such as Accreditation or for the provision of Information Technology. These third parties are required to comply with this Policy under signed, written agreements.
The Practice will inform the patient where there is a statutory requirement to disclose certain personal information (for example, some diseases require mandatory notification).
The Practice will not disclose personal information to any third party other than in the course of providing medical services, without full disclosure to the patient or the recipient, the reason for the information transfer and full consent from the patient. The Practice will not disclose personal information to anyone outside Australia without need and without patient consent.
Exceptions to disclose without patient consent are where the information is:
–required by law
–necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent
– to assist in locating a missing person
– to establish, exercise or defend an equitable claim
– for the purpose of a confidential dispute resolution process.
The Practice may use a patient’s contact information as supplied to the Practice (mailing address, telephone numbers (including mobile phones) and email addresses) in order to contact patients for appointment reminders, recall reminders and to request a patient to attend to discuss, for example, test results. At no time will a patient’s actual medical information be sent to them in this way (as we have no way to guarantee who sees it) without the patient’s express permission. For the above reasons, the practice does not undertake to give medical advice to patients via email requests. If a patient wishes to forward copies of their confidential medical information to us via email, to firstname.lastname@example.org, they are considered to be doing so at their own risk.
The Practice will not use any personal information in relation to direct marketing to a patient without that patient’s express consent. Patients may opt-out of direct marketing at any time by notifying the Practice in a letter or email.
The Practice evaluates all unsolicited information it receives to decide if it should be kept, acted on or destroyed.
Data Quality and Security
We will take all reasonable steps to ensure that your personal information is accurate, compete, up to date and relevant. For this purpose our staff may ask you to confirm that your contact details are correct when you attend a consultation. We request that you let us know if any of the information we hold about you is incorrect or out of date.
Personal information that we hold is protected by securing our premises, using passwords and varying access levels on databases to limit access and protect electronic information from unauthorized interference, access, modification and disclosure, providing locked cabinets and rooms for the storage of physical records. Offsite backups are encrypted and password-protected, and held in Brisbane.
Access, Corrections and Privacy Concerns
Patients may request access to their medical records. Patients are encouraged to make this request in writing, and the Practice will respond within a reasonable time. We may deny access to your medical records in certain circumstances permitted by law, for example, if disclosure may cause a serious threat to your health or safety. We will always tell you why access is denied and the options you have to respond to our decision
The Practice will take reasonable steps to correct personal information where it is satisfied they are not accurate or up to date. From time to time, the Practice will ask patients to verify the personal information held by the Practice is correct and up to date. Patients may also request the Practice corrects or updates their information, and patients should make such requests in writing.
The Practice takes complaints and concerns about the privacy of patients’ personal information seriously. Patients should express any privacy concerns in writing. The Practice will then attempt to resolve it in accordance with its complaint resolution procedure. This is detailed in a separate document, available on request.
In regard to any privacy concern, you can contact us at:
Phone: 07 3378 1600
Fax: 07 3378 1900
Post: Indooroopilly Family Practice, Shop 1019, 318 Moggill Road, Indooroopilly, QLD 4068