At Health Plus General Practice (HPGP), your privacy is of utmost importance to us. We endeavor to provide the best possible health care and customer service whilst maintaining privacy and confidentiality.
This policy will be reviewed and modified as needed to reflect current privacy practices.
The Australian government has set strict guidelines to protect the privacy of your information. To ensure the preservation of confidentiality, HPGP is committed to following the guidelines set by the Privacy Act 1988 (Cth) (as amended) (“Privacy Act”) as well as the “Handbook for the Management of Health Information in Private Medical Practice” (authored and published by the Royal Australian College of General Practitioners and the Committee of Presidents of Medical Colleges).
Your Reasonable Expectations of HPGP
As a patient of HPGP, it is your right to expect each of our employees, contractors, and students to:
- Be open and honest in their dealings with you
- Respect your privacy and keep your personal information confidential unless disclosure is authorized by you or by law
- Use your personal information only for the purpose of providing you with the most appropriate care and services
- Follow government and organizational policies and protocols to ensure the privacy of your information is protected
Consent to Collect, Use, and Disclose Personal Health Information
Your health information refers to information pertaining to your health, medical history, and past and future medical care. As a patient of HPGP, we ask that you provide your personal details and health information so that we may properly assess, diagnose, treat, and be proactive in your health care needs.
We require your consent to collect, use, and disclose your personal health information to provide you with safe, efficient healthcare. Your consent will be collected when you are registered as a patient of the practice by signing our “Patient Registration Form”. Later, your consent will be obtained verbally before any medical procedure is conducted.
Protection and Storage
HPGP staffs are educated in the principles and importance of doctor-patient confidentiality as well as the protection of digital databases within cloud-based software. Only staff who need to see your personal information will have access to it.
We take all reasonable steps to ensure your personal information is protected from misuse and/or loss, and from unauthorized access, modification, and disclosure. We hold and store your information in electronic format. Hard copies of your personal health information are scanned and uploaded to your electronic medical record. Paper copies are then de-identified and destroyed confidentially.
To ensure your personal information is kept safe from damage, loss or theft, a complete backup of the electronic medical record is performed daily, and the backup drive is stored securely. Any access to electronic medical records is password protected and the passwords changed on a regular basis.
If we require your information for anything else, we will seek additional consent from you directly. HPGP has supplementary consent forms which provide more details on specific personal information should the need arise. During your care, if you are asked to complete a consent form, you have the right to specify certain restrictions on information that we hold relating to you. Please speak with your healthcare provider if you have any concerns about any consent forms.
As a healthcare provider, we collect your personal information so that we may provide you with the most effective and appropriate care. We also use it for business purposes such as financial claims and payments, practice audits and accreditation, and for staff training.
Information collected includes, but is not limited to:
- Personal details: Your full name, date of birth, addresses, personal contact numbers, email, emergency contact and next of kin contact details, signature
- Medical Information: family and personal health history, medications, allergies, adverse reactions, immunizations, healthcare identifiers
- Financial: Where applicable, Medicare Number for identification and claiming purposes, government health card details, health fund details
- Clinical: Consultation notes, referrals or letters to/from other health service providers, results and reports, past medical history
Examples of when data is collected:
- Our staff will collect your personal and demographical information during booking and registration
- During the provision of medical services, we may collect further personal information
- During the therapeutic relationship, if you contact HPGP using our website, email, phone, social media, or make a booking online, we may collect further personal information
- In some circumstances, information may be collected from other sources. Often this is because it is not practical or reasonable to collect from you directly. This may include information from:
- Your legal guardian or other delegated contact
- Other involved healthcare providers who may include but are not limited to: specialists, allied health providers, community health services, pathology, and diagnostic imaging services.
- Where applicable, Medicare, Government Health Agencies, the Department of Veteran’s Affairs, your health fund,
We endeavor to collect this information directly from you and aim to ensure that all information is accurate and kept current. In an emergency, or if it is not possible to collect information from you directly, we may need to contact your designated Emergency Contact or Next of Kin. We may also need to collect information from other health service providers who have treated you so we can provide the care that best suits your individual requirements. You have the right to deal with us anonymously or under a pseudonym, unless it is impracticable for us to do so or unless we are required or authorized by law to only deal with identified individuals. If you do not wish for us to collect certain information about you, please let us know and we will discuss with you if this may have any consequences to your care.
Use and Disclosure
Staff will only use or disclose your information in ways that you would reasonably expect and for purposes directly related to your care. Examples include:
- If you have specifically requested and consented to the disclosure
- In accordance with the Privacy Act 1988 (Cth), disclosure is to your responsible carer, if you are physically or legally incapable of giving consent to the disclosure, or for compassionate reasons unless there is good evidence of your wish to the contrary
- For the diagnosis and treatment of health conditions, including disclosure to other doctors in the practice, specialists, locums and other health care providers to ensure quality patient care. This includes communications regarding treatments and notifications about recommended preventative health care services
- For use by third parties directly associated with our practice such as our information technology providers and accreditation agencies. Third parties such as these are required to comply with a confidentiality agreement and this policy
- For billing and accounting purposes
- During the provision of medical services, through Electronic Transfer of Prescriptions (eTP), MyHealthRecord/ PCEHR (ie: via Shared Health Summary, Event Summary)
- To allow medical students and staff to participate in medical training and teaching, using de-identified information
- When it is necessary to lessen or prevent serious or imminent threat to an individual’s life, health, or safety or to prevent a criminal offense or seriously improper conduct from occurring
- When it is required for judicial, administrative or coronial proceedings or is requested under a court order or subpoena
- When it is the subject of a search warrant or is required to help identify or locate a patient
- When it is required to assist in organ donation
- To assist in locating a missing person
- To establish, exercise or defend an equitable claim
- In confidential dispute resolution processes
- Where legally obliged to disclose the information (ie: notification of certain infectious diseases, suspected child abuse)
- For research, accreditation, and quality assurance activities within the practice, using de-identified aggregate patient health information
We will not share your personal information with anyone outside Australia without your consent unless under exceptional circumstances that are permitted by law. Exceptions include if you are in need of urgent medical assistance overseas, or where medical evacuation is required. We will take all reasonable steps to ensure that information disclosed to an international third party is protected and treated confidentially.
Our practice will not use your personal information for marketing any of our goods or services directly to you without your expressed consent. Should you consent, you may opt-out of direct marketing at any time by notifying our practice in writing.
Website and Email Security
No data or transmission over the internet can be guaranteed to be secure. Therefore, we cannot provide any assurance regarding the security of transmission of information you communicate to us online. We also cannot guarantee that the information you supply will not be intercepted while being transmitted over the internet. Accordingly, any personal information or other information which you choose to transmit to us online and/or via email is transmitted at your own risk.
We may measure and record information about the number of visitors and their use of the site for trends and statistics for marketing purposes or for the purpose of making the website more relevant and user-friendly.
Our website may provide links to other websites. We are not responsible for the privacy practices of the operators of those websites and are not liable for their conduct. The terms and conditions of those websites should be checked carefully before any personal information is disclosed on any linked website.
Access to Your Information
You have the right to access your personal health information. Requests to access personal health information should be directed in writing to your treating doctor or HPGP staff. It is at the discretion of medical practitioners at HPGP as to whether they will provide you with an up to date summary of your medical records or a copy of your full medical record.
A written request is required to ensure we maintain your privacy and security. Upon receiving an application for a request to access your personal health information, HPGP will respond to the request within 5 business days after the request is received and give access to the information in the manner requested by the individual if it is reasonable and practicable to do so.
As per the Privacy Amendment (Private Sector) Act 2000 (Cth), HPGP may charge a reasonable administration fee before undertaking a request for access to personal health information.
Full or partial access to your medical records may be refused in circumstances where:
- Disclosure of health information may result in physical or mental harm to you or any other person
- The information may impact on the privacy of other individuals
- Information relates to existing or anticipated legal proceedings
- If access would prejudice negotiations with you
- Where denying access is required or authorized by law
If HPGP refuses to grant access to the personal health information you requested, or give access in the form requested, HPGP will provide written notice that sets out:
- The reasons for the refusal (except where disclosure of the reasons would be inappropriate); and
- The mechanisms available to complain about the refusal
Changes or Correction of Your Personal Health Information
You have the right to request an amendment to your personal health information, should you believe it to contain inaccurate information. Requests to amend your personal health information should be directed to your treating doctor or our practice staff. HPGP will respond to all requests within a reasonable period after the request is received.
Our practice will take reasonable steps to correct your personal information where the information is not accurate or up to date. Upon arrival at each consultation, we will ask you to verify your personal information held by our practice to ensure it is correct and up to date. You may also request that we correct or update your information, and you should make such requests in writing to our staff.
Where inaccurate information has been amended, you may request that HPGP notify third parties to which it has previously disclosed information. HPGP will take all reasonable steps to notify third parties of the correction.
If HPGP refuses to correct the information requested, HPGP will provide written notice that sets out:
- The reasons for the refusal (except to the extent that it would be unreasonable to do so); and
- The mechanisms available to complain about the refusal
Right to Decline the Use of Your Personal Health Information
You have the right to decline to have your personal health information used in some of the ways outlined in this policy; however, this may limit our ability to manage your health care and to provide you with the best outcome.
Making a Privacy Related Complaint
We take complaints and concerns regarding privacy seriously at HPGP. It is our practice policy that any formal complaint is required to be made in writing, addressed to our practice manager either through post or email, and marked private and confidential. We will endeavor to respond to complaints within 10 business days of receipt.
The response will detail the outcome decision, the reason for the decision, and any follow-up action that can be taken by you.
If you are still not satisfied with the outcome, you may also contact the OAIC. Please be advised that the OAIC will require response time before they will investigate. For further information, visit www.oaic.gov.au or call the OAIC on 1300 336 002.