Health Information Policy

This is our practice Privacy Policy which explains clearly collection of health information, use and disclosure, retention of information, security, corrections and access to health information. This policy is also available on our website and can be produced as a hard copy when requested.

We are committed to protecting the privacy of patient information and to handling your personal information in a responsible manner in accordance with the Privacy Act 1988 (Cth), the Privacy Amendment (Enhancing Privacy Protection) Act 2012, the Australian Privacy Principles and relevant State and Territory legislation (referred to as privacy legislation).

Our ‘Personal Information, Privacy and Your Doctor’ brochure explains how we collect, use and disclose your personal information, how you may access that information and how you may seek the correction of any information. It also explains how you may make a complaint about a breach of privacy legislation.

From time to time we may make changes to our policy, processes and systems in relation to how we handle your personal information. We will update this Privacy Policy to reflect any changes.

Collection
We collect information that is necessary and relevant to provide you with medical care and treatment, and manage our medical practice. This information may include your name, address, date of birth, gender, health information, family history, credit card and direct debit details and contact details.

This information may be stored on our computer medical records system and/or in hand written medical records. Wherever practicable we will only collect information from you personally. However, we may also need to collect information from other sources such as treating specialists, radiologists, pathologists, hospitals and other health care providers.

We collect information in various ways, such as over the phone or in writing, in person at Woonona Medical Practice or over the internet if you transact with us online. This information may be collected by medical and non-medical staff.

In emergency situations we may also need to collect information from your relatives or friends.

We may be required by law to retain medical records for certain periods of time depending on your age at the time we provide services.

For your privacy or other reason you may wish to use an alternative name for us to use when communicating with you. However, if you wish to change your formal name as recorded with Medicare, you will need to contact Medicare directly. Use our web form to Nominate a pseudonym.

Use and Disclosure
We will treat your personal information as strictly private and confidential. We will only use or disclose it for purposes directly related to your care and treatment, or in ways that you would reasonably expect that we may use it for your ongoing care and treatment. For example, the disclosure of blood test results to your specialist or requests for x-rays.

With your permission your clinical information may be sent electronically, in this instance, this will be sent either encrypted or with a PIN for security.

There are circumstances where we may be permitted or required by law to disclose your personal information to third parties. For examples, to Medicare, police, insurers, solicitors, government regulatory bodies, tribunals, courts of law, hospitals or debt collection agencies. We may also from time to time provide statistical data to third parties for research purposes.

We may disclose information about you to outside contractors to carry out activities on our behalf, such as an IT service provider, solicitor or debt collection agent. We many impose security and confidentiality requirements on how they handle your personal information. Outside contractors are required not to use information about you for any purpose except for those activities we have asked them to perform.

Data Quality and Security

We will take reasonable steps to ensure that your personal health information is accurate, complete, up-to-date and relevant. For this purpose our staff may ask you to confirm that your contact details are correct when you attend a consultation. We request that you let us know if any of the information we hold about you is incorrect or out of date.

Personal information that we hold is protected by:

securing our premises and the installation of CCTV surveillance (not inside consultation rooms)
placing passwords and varying access levels on databases to limit access and protect electronic information from unauthorised interference, access, modification and disclosure; and
providing locked cabinets and rooms for the storage of physical records
Retention of Patient Health Records

It is a policy of the practice that patient records must be kept until the patient is 25 years of age, if a child, or a minimum of 7 years following the last year of the patients attendance, whichever is greater.

This Practice retains paper medical records for a minimum of 7 years. Inactive electronic records are retained indefinitely or as stipulated by the relevant national, state or territory legislation.

Privacy will be maintained during the destruction process to ensure information contained in the records is not divulged or seen by unauthorised persons. Records will be destroyed in a secure environment.

Overseas Transfer of Data

We will not transfer your personal information to an overseas recipient unless we have your consent or we are required to do so by law.

Corrections

If you believe that the information we have about you is not accurate, complete or up-to-date, we ask that you contact us in writing.

Access

You are entitled to request access to your medical records. We request that you put your request in writing and we will respond to it within a reasonable time. There may be a fee for the administrative costs of retrieving and providing you with copies of your medical records. We may deny access to your medical records in certain circumstances permitted by law, for example, if disclosure may cause a serious threat to yours or any other person’s health or safety. We will always tell you why access is denied and the options you have to respond to our decision.

Complaints

If you have a complaint about the privacy of your personal information, we request that you contact us in writing. Upon receipt of a complaint we will consider the details and attempt to resolve it in accordance with our complaints handling process.

If you are dissatisfied with our handling of a complaint or the outcome you may make an application to the Australian Information Commissioner or the Privacy Commissioner in your State or Territory.

If you are concerned about the quality of care you, your family or a friend have been provided you can contact the NSW Health Care Complaints Commission.

Contacts

Please direct any queries, complaints or requests for access to medical records to:

Woonona Medical Practice
Attn: The Privacy Officer
44 Hopetoun Street
Woonona NSW 2517
p. 02 4283 3433
f. 02 4283 1955

Privacy NSW
Office of the NSW Privacy Commissioner
PO Box A123
Sydney South NSW 1235
w. www.lawlink.nsw.gov.au/privacynsw
e. privacy_nsw@agd.nsw.gov.au
p. 02 9268 5588
f. 02 9268 5501

Office of the Australian Information Commissioner
p. 1300 363 992
w. www.privacy.gov.au

NSW Health Care Complaints Commission
p. 02 9219 7444
toll free in NSW. 1800 043 159
f. 02 9281 4585
Locked Mail Bag 18
Strawberry Hills NSW 2012
e. hccc@hccc.nsw.gov.au