Our practice is committed to best practice in relation to the management of information we collect. This practice has developed a policy to protect patient privacy in compliance with the Privacy Act 1988. Our policy is to inform you of:
- The kinds of information that we collect and hold, which, as a medical practice, is likely to be ‘health information’ for the purposes of the Privacy Act;
- How we collect and hold personal information;
- The purposes for which we collect, hold, use and disclose personal information;
- How you may access your personal information and seek the correction of that information;
- How you may complain about a breach of the Australian Privacy Principles and how we will deal with such a complaint;
- Whether we are likely to disclose personal information to overseas recipients.
2. What kinds of personal information do we collect?
The type of information we may collect and hold includes:
- Your name, address, date of birth, email and contact details
- Medicare number, DVA number and other government identifiers, although we will not use these for the purposes of identifying you in our practice
- Other health information about you, including:
  - Notes of your symptoms or diagnosis, medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors and treatment given to you
  - Your specialist reports and test results
  - Your appointment and billing details
  - Your prescriptions and other pharmaceutical purchases
  - Your genetic information where relevant
  - Your healthcare identifier
  - Any other information about your race, sexuality or religion, when collected by a health service provider.
A patient’s personal information may be held at the practice in various forms:
- As electronic records
- As visuals, i.e. X-rays, CT scans, videos and photos
- As audio recordings (including telemedicine)
3. How do we collect and hold personal information?
We will generally collect personal information:
- From you directly when you provide your details to us. This might be via a face-to-face discussion, telephone conversation, registration form or online form or when patients present to the clinic for the first time.
- From a person responsible for you such as a guardian or responsible person (where practicable and necessary)
- From third parties where the Privacy Act or other law allows it - this may include, but is not limited to: other members of your treating team, diagnostic centres, specialists, hospitals, the My Health Record system, electronic prescription services, Medicare, your health insurer, the Pharmaceutical Benefits Scheme
- During the course of providing medical services the practice’s healthcare practitioners will consequently collect further personal information.
4. Why do we collect, hold, use and disclose personal information?
In general, we collect, hold, use and disclose your personal information for the following purposes:
- To provide health services to you as advised during your consultation with the treating doctor
- To communicate with you in relation to the health service being provided to you
- To comply with our legal obligations, including, but not limited to, mandatory notification of communicable diseases or mandatory reporting under applicable child protection legislation, medical defence purposes
- For the purpose of a confidential dispute resolution process
- Where necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or where it is impracticable to obtain the patient’s consent
- To help us manage our accounts and administrative services, including billing, arrangements with health funds, pursuing unpaid accounts, management of our ICT systems
- For consultations with other doctors and allied health professionals involved in your healthcare
- To obtain, analyse and discuss test results from diagnostic and pathology laboratories
- For identification and insurance claiming
- Some disclosure may occur to third parties engaged by or for the practice for business purposes such as accreditation or for the provision of information technology. These third parties are required to comply with this policy.
- If you have a My Health Record, to upload your personal information to, and download your personal information from, the My Health Record system.
- Information can also be disclosed through an electronic transfer of prescriptions service, when available.
- To liaise with your health fund, government and regulatory bodies such as Medicare, the Department of Veterans' Affairs and the Office of the Australian Information Commissioner (OAIC) (if you make a privacy complaint to the OAIC), as necessary
5. How can you access and correct your personal information?
You have a right to seek access to, and correction of, the personal information which we hold about you.
Whilst the individual is not required to give a reason for obtaining the information, a patient may be asked to clarify the scope of the request.
The practice will take reasonable steps to correct personal information where it is satisfied that the information is not accurate or up to date. From time to time the practice will ask patients to verify that the personal information held by the practice is correct and up to date.
Patients may also request that the Practice correct or update their information. Patients should make such requests in person or in writing.
Upon request by the patient, the information held by this clinic will be made available to another health provider.
For details on how to access and correct your health record, please contact our practice as noted below under ‘Contact Details’.
We will normally respond to your request within 30 days.
6. How do we hold your personal information?
The practice holds all personal information securely, whether in electronic format, in protected information systems or in hard copy in a secured environment.
We aim to minimise paper records as much as possible but where it is impracticable to do so, records will be stored in a locked secured environment and destroyed when an electronic copy has been generated or a scanned copy has been uploaded to patient electronic records. The original paper record will then be destroyed in a secure manner.
Sexual Health North operates secure data network(s) protected by industry-standard firewall and password protection systems. We have put in place appropriate security measures to protect against the loss, misuse, or alteration of information that we have collected from you at our practice. Patient electronic records are backed up on a secure Australian-based cloud server, which is highly secured. Our security and privacy policies are periodically reviewed and enhanced as necessary and only authorised individuals have access to the information that you provide.
Our staff are trained and required to respect and protect your privacy. We take reasonable steps to protect information held from misuse and loss and from unauthorised access, modification or disclosure.
The practice will not disclose personal information to any third party other than in the course of providing medical services, without full disclosure to the patient or the recipient, the reason for the information transfer and full consent from the patient.
The Practice will not disclose personal information to anyone outside Australia without need and without patient consent.
The Practice will not use any personal information in relation to direct marketing to a patient without that patient’s express consent.
The practice evaluates all unsolicited information it receives to decide if it should be kept, acted upon or destroyed. Sexual Health North will employ all reasonable endeavours to ensure that a patient’s personal information is not disclosed without their prior consent.
All due care will be taken to ensure the protection of patient privacy during the transfer, storage and use of personal health information.
Retention of medical records is for a minimum of 7 years from the date of last entry into the patient record unless the patient is a child, in which case the record must be kept until the patient attains the age of 25 years.
8. Privacy related questions and complaints
If you have any questions about privacy-related issues or wish to complain about a breach of the Australian Privacy Principles or the handling of your personal information by us, you may lodge your complaint in writing (see below for details). We will normally respond to your request within 30 days.
If you are dissatisfied with our response, you may refer the matter to the OAIC:
Phone: 1300 363 992
Fax: +61 2 9284 9666
Post: GPO Box 5218
Sydney NSW 2001
9. Anonymity and pseudonyms
The Privacy Act provides that individuals must have the option of not identifying themselves, or of using a pseudonym, when dealing with our practice, except in certain circumstances, such as where it is impracticable for us to deal with you if you have not identified yourself.
We may disclose your personal information to the following overseas recipients:
- Any practice or individual who assists us in providing services (such as where you have come from overseas and had your health record transferred from overseas or have treatment continuing from an overseas provider)
- Overseas transcription services
- Anyone else to whom you authorise us to disclose it
11. Updates to this Policy
This Policy will be reviewed from time to time to take account of new laws and technology, changes to our operations and other necessary developments. Updates will be publicised on the practice's website.
Please refer to the disclaimers, terms and conditions on the Sexual Health North website.
13. Contact details for privacy related issues
Please direct any queries and complaints to the practice using the contact button.