Privacy Policy
This practice is bound by the Federal Privacy Act (1988) and the Australian Privacy Principles (APPs). Belgravia Medical Centre (BMC) / WA Iron Centre (WAIC) recognises the importance of protecting the privacy and the rights of individuals in relation to their personal information. This document outlines how we collect and manage your health information.
The provision of quality health care is our principal concern. It requires a doctor-patient relationship of trust and confidentiality. Your doctor regards patient health information as confidential and will only collect this information with patient consent.
Our practice is committed to best practice in relation to the management of information we collect. This practice has developed a policy to protect patient privacy in compliance with the Privacy Act 1988 (Cth) (‘the Privacy Act’). Our policy is to inform you of:
-
the kinds of information that we collect and hold, which, as a medical practice, is likely to be ‘health information’ for the purposes of the Privacy Act;
-
how we collect and hold personal information;
-
the purposes for which we collect, hold, use and disclose personal information;
-
how you may access your personal information and seek the correction of that information;
-
how you may complain about a breach of the Australian Privacy Principles and how we will deal with such a complaint;
-
whether we are likely to disclose personal information to overseas recipients.
What is your personal information?
Personal information is information that identifies you or could reasonably identify you. Personal health information and a particular subset of personal information can include any information collected and held to provide a health service. Our privacy policy covers all people who use our services or otherwise provide their personal information to us.
Consent
Consent by a patient to the collection of personal information by a health service provider is generally implied by the patient’s request for the medical service; however, consent to the use and disclosure of that information is required if it is to be used and disclosed for any purpose other than the main purpose for which it was collected.
Key elements to consent are that:
-
It must be provided voluntarily;
-
The individual must be adequately informed; and
-
The individual must have the capacity to understand, provide and communicate their consent.
Patient consent will be recorded by their GP on their file.
What personal information do we collect and hold?
All personal information collected in the course of providing a health service is considered health information under the Privacy Act.
The type of information we may collect and hold includes:
-
Your name, address, date of birth, email and contact details
-
Medicare number , DVA number and other government identifiers, although we will not use these for the purposes of identifying you in our practice
Other health information about you, including:
-
notes of your symptoms or diagnosis and the treatment given to you
-
your specialist reports and test results
-
current health issues and future medical care
-
your appointment and billing details
-
your prescriptions and other pharmaceutical purchases
-
your past medical and social history
-
your dental records
-
your genetic and family information
-
your healthcare identifier
-
employment or other demographic data
-
any other information about your race, sexuality or religion, when collected by a health service provider.
-
any health information such as medical or personal opinions about a person’s disability or health status.
Our practice may also record information or an opinion about:
-
the health, including an illness, disability or injury, (at any time) of an individual
-
an individual’s expressed wishes about the future provision of health services to him or her
-
a health service provided, or to be provided, to an individual
-
that is also personal information
We may also collect some information that is not considered personal information as it does not identify you or anyone else. For example, we may collect de-identified responses to patient feedback surveys.
How do we collect your personal information?
Our practice collects personal information about our patients for inclusion in a record or generally available publication. We may collect information:
-
Directly from you when you attend our practice either in person or via a telephone or telehealth appointment (i.e. patient information form, surveys, medical history)
-
As disclosed by you, or from a person responsible for you, during your consultation at our practice (i.e. recording a summary of what you say during a consultation)
-
On receipt and recording of a specialist report provided by a patient for inclusion in the patient’s medical record
-
When taking physical or biological samples from a patient and labelling these with the patient’s name or other identifier
-
When receiving information relating to biological samples and radiology results
-
By storing video footage, photographs or audio recordings in which a patient can be reasonably identified
-
Keeping emails or other correspondence containing personal information about a patient.
-
From third parties where the Privacy Act or other law allows it - this may include, but is not limited to: other members of your treating team, diagnostic centres, specialists, hospitals, the My Health Record system, electronic prescription services, Medicare, your health insurer, the Pharmaceutical Benefits Scheme, employers, law enforcement agencies and other government entities.
What happens if we can’t collect your personal information?
If you do not provide us with the personal information described above, the following may happen:
-
Belgravia Medical Centre may not be able to provide the requested service to you
-
Your diagnosis or treatment may be inaccurate or incomplete
For what purpose do we collect, hold, use and disclose your personal information?
BMC will use your personal information, where necessary, in the following instances:
-
To provide medical services and treatment to you
-
To communicate with you in relation to the health service being provided to you
-
For the electronic transfer of prescriptions
-
For the electronic transfer of health information to the Government My Health Record System and/or the Australian Immunisation Register
-
For administrative and billing purposes
-
Update our records and keep your details up to date
-
To process and respond to any complaints made
-
To comply with any law, rule and regulations, including, but not limited to, mandatory notification of communicable diseases or mandatory reporting under applicable child protection legislation
-
For the purpose of data research and analysis
-
to obtain, analyse and discuss test results from diagnostic and pathology laboratories
-
For inclusion in a reminder register for appointment attendance
-
or inclusion in a reminder register for prevention of chronic disease
-
For the purpose of reporting back to your employer
-
To answer any queries about the services we provide to you
-
To provide information to third parties with your consent, such as other doctors and allied health professionals involved in your health care
-
If you have a My Health Record, to upload your personal information to, and download your personal information from, the My Health Record system.
-
To meet the obligations of notification to our medical defence organisations or insurers
-
To liaise with your health fund, government and regulatory bodies such as Medicare, the Department of Veteran's Affairs and the Office of the Australian Information Commissioner (OAIC) (if you make a privacy complaint to the OAIC), as necessary.
Who do we disclose your information to?
Personal information will only be used for the purpose of providing medical services and for claims and payments, unless consented otherwise.
Disclosure may occur to third parties engaged by the practice or for business purposes eg accreditation
BMC/WAIC will inform the patient where there is a statutory requirement to disclose personal information (eg mandatory reporting of certain diseases) .
The practice will not disclose personal information to any third party other than those related to providing our medical services unless consent is obtained.
BMC/WAIC will not disclose personal information to anyone outside Australia without need and without patient consent.
Exceptions to disclose without patient consent are where the information is:
-
Required by law
-
Necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent
-
To assist in locating a missing person
-
To establish, exercise or defend an equitable claim
-
For the purpose of a confidential dispute resolution process.
Parent/Guardian and Children
In general terms, either parent of a young child is able to obtain information about the medical management of their child. However, exceptions may apply where there is a Court order that grants sole responsibility for the medical care of the child to one parent, or where the doctor believes that disclosure of the information may pose a serious threat to life or health of any individual.
The right of children to privacy of their health information, based on the professional judgement of the GP and consistent with the law, might at times restrict access to this information by parents or guardians.
Doctors recognise that some minors are legally capable of consenting to medical treatment. The confidentiality of those minors must be respected, implying that parents may not have automatic access to the medical records of minors.
Except in circumstances of a medical emergency, during the normal course of professional communication and as required by the law, the consent of both parents must be obtained by the doctor before the records of children are release to persons other than the parents.
Direct Marketing
Direct marketing involves the use and/or disclosure of personal information to communicate
directly with an individual to promote goods and services.
BMC/WAIC does not use or disclose the information we collect about you for direct marketing unless an exception applies, including where the individual either consents to the disclosure or has a reasonable expectation that their personal information will be used for direct marketing, and the organisation notifies the individual on how to ‘opt out’ of direct marketing communications. Direct marketing communications from BMC/WAIC may include information about our products and services and may be in the form of email, SMS, or mail.
Our practice keeps a register to track patients who do not want the practice contacting them about practice services.
How can you access and correct your personal information?
You have a right to seek access to, and correction of the personal information which we hold about you. Any costs associated with this will be discussed prior to any action being taken.
If you request access to your medical record, your GP will need to consider if there may be a risk of physical or mental harm to you or any other person that may result from disclosure of your health information. Your GP may need to remove any information that will affect the privacy of other individuals.
BMC/WAIC acknowledges patients may request access to their medical records. Patients are encouraged to make this request in writing, and BMC/WAIC will respond within a reasonable time.
We will take reasonable steps to correct personal information where it is satisfied, they are not accurate or up to date. From time to time BMC/WAIC will ask patients to verify their personal information to ensure it is accurate and up to date. Patients may also request for this information to be corrected / updated in writing.
Security
BMC/WAIC takes all reasonable steps to ensure that your personal information is protected from loss and misuse. BMC/WAIC holds your information in both electronic and hard copy (archived) format. When your personal information is no longer needed it is destroyed or de-identified in accordance with State regulations.
Our staff are trained and required to respect and protect your privacy. We take reasonable steps to protect information held from misuse and loss and from unauthorised access, modification or disclosure. This includes:
-
strong password protections applied
-
access to personal information restricted on a ‘need to know’ basis
-
Holding our information on an encrypted database
-
Holding our information in a lockable cabinet
-
Our staff sign confidentiality agreements
-
Our practice has document retention and destruction policies
Privacy related questions and complaints
If you have any questions about privacy-related issues, any concerns or a complaint regarding the treatment of your privacy or a possible breach of your privacy please contact Karen Witkowski (Privacy Officer), BMC on 9277 1113.
Your requests and complaints will be treated confidentially. Our practice representative will contact you within a reasonable time after receipt of your complaint to discuss your concerns and your options. You will also be informed of any actions that have been taken by our practice to resolve the issue.
If you feel the clinic cannot resolve your complaint / concern please contact the Health and Disability Services Complaints Office on 6551 7600 or 1800 813 583.
Full Privacy Policy
To view the complete Privacy Policy for our practice please click here.
Please Note: We may change our privacy policy from time to time. Any updated versions of this privacy policy will be placed on our notice board and in our patient pamphlet.
*Based on RACGP APP Privacy Policy – Management of Patient Health Information