At BJC Health, your privacy is important to us and we are committed to protecting the privacy of patient information and the handling of your personal information.
We adhere to the Australian Privacy Principles contained in the Privacy Act 1988 (Cwth) (subject to exemptions that apply to us under that Act); refer to Section 6 Privacy and Security of Health Information.
We may, from time to time, review and update this policy, which includes taking into account new or amended laws, new technology and/or changes to our operations. All personal information held by us will be governed by the most recently updated policy.
This policy was last updated in May 2020.
This policy sets out:
- Why and when your consent is necessary
- Why do we collect, use, hold and share your personal information?
- What personal information do we collect?
- How do we collect your personal information?
- Who do we share your personal information with?
- How do we store and protect your personal information?
- How can you access and correct your personal information at our practice?
- Our website and subscribed emails
- How to contact us or lodge a privacy related complaint?
Why and when your consent is necessary
When you register as a patient of our practice, you provide consent for our providers and practice staff to access and use your personal information so they can provide you with the best possible healthcare. Staff will only access your personal information if it is necessary to help you maintain your health, or for your care and treatment.
Why do we collect, use, hold and share your personal information?
Our practice will need to collect your personal information to provide healthcare services to you. Our main purpose for collecting, using, holding and sharing your personal information is to help you manage your health. We also use it for activities directly related to our practice and business, such as consultation fees and charges, Medicare claims and payments, practice audits and accreditation, processes related to quality, safety, improvement and staff training.
What personal information do we collect?
The information we collect about you includes:
- name, address and date of birth
- mobile phone number so we can send you an SMS to confirm appointments and/or communicate with you
- email address to communicate with you about health and practice related matters
- your Medicare number, Veterans’ Affairs number, Private Health Fund details (where available) for claiming purposes
- healthcare identifiers
- information relevant to your medical care, including but not limited to your previous and current medical history, medications, allergies, social history, family history, personal risk factors, profession, occupation or job title, and cultural history (where clinically relevant);
- the name of any health service provider or medical specialist to whom you are referred, copies of any letters of referral and copies of any reports we have received; and
- any additional information relating to you that you provide to us directly
How do we collect your personal information?
We collect your personal information directly from you unless it is unreasonable or impracticable to do so. When collecting personal information from you, we may collect it in the following ways:
- when you make your first appointment, we will send you an SMS requiring you to create a login on our patient portal so that you can fill in your personal details. These details will be automatically populated into a file specific to you which has already been created on our electronic health record;
- by you completing one of our patient information forms.
- as disclosed by you during the course of a consultation at our clinic. With your verbal (and/or written) permission, this information may be sourced from other healthcare and pathology providers, pharmacists, as well as your My Health record (where applicable).
- through your access and use of our website, when you send us an email, SMS, call us, make an online appointment, or communicate with us using social media.
In some circumstances, personal information may also be collected from other sources. Often, it is not practical or reasonable to collect it from you directly. This may include information from:
- your guardian or responsible person.
- other involved healthcare providers, such as a GP, specialist, allied health professional, hospital, community health service and pathology/diagnostic imaging service.
- your health fund, Medicare, or Department of Veterans’ Affairs (as necessary).
- your relatives or friends in an emergency.
Who do we share your personal information with?
We treat your personal information as strictly private and confidential. We will only use or disclose it for purposes directly related to your care and treatment or as instructed by you. We may share your personal information:
- with third parties for practice management purposes, such as accreditation agencies and information technology providers.
- with other healthcare providers, both within and outside of the practice
- when it is required or authorised by law. This may include, but is not limited to, Medicare Australia, insurers, solicitors, government departments, courts of law or hospitals.
- when it is necessary to lessen or prevent a serious threat to your or another patient’s life, health or safety, or public health or safety, or when it is impractical to obtain your consent
- to assist in locating a missing person
- to establish, exercise or defend an equitable claim
- for the purpose of confidential dispute resolution processes
- when there is a statutory requirement to share certain personal information (eg some diseases require mandatory notification)
- during the course of providing medical services, through Electronic Transfer of Prescriptions (eTP), My Health Record system (eg via Shared Health Summary, Event Summary), and secure electronic messaging (Healthlink & Argus).
Other than in the course of providing medical services or as otherwise described in this policy, our practice will not share personal information with any third party without your consent.
From time to time, we may contact you in relation to your health and the services that we provide.
How do we store and protect your personal information?
We take all reasonable steps to protect the personal information that we hold from misuse, loss, or unauthorised access, including by means of firewalls, password access and secure servers.
Your personal information is stored electronically at a Sydney-hosted data centre managed securely by our IT consultants (Medihost Solutions). Information about you is also stored in cloud-based products including but not limited to email servers (Office 365), document management (Dropbox) and booking platforms (Appointuit & Glofox, Hubspot, Physitrack and/or Xero). Access to this information is password protected, and subject to the Australian Privacy Principles (APP).
Our practice stores all on site personal information securely. We have confidentiality agreements signed by all staff. To protect and securely store your personal information we use an electronic format in a secured environment that is password protected.
The security of online transactions and the security of communications sent by electronic means or by post cannot be guaranteed. You provide information to us via the internet, email or by post at your own risk. We cannot accept responsibility for misuse or loss of, or unauthorised access to, that information.
How can you access and correct your personal information at our practice?
You have the right to request access to and correct your personal information.
Our practice acknowledges patients may request access to their medical records. We require you to put this request in writing but may (at our discretion) accept your request verbally. Our practice will respond within a reasonable time, which is under 10 working days. We reserve the right to charge a reasonable administrative fee to provide you with a copy of your records.
We may deny access to your medical records in certain circumstances permitted by law, for example, if disclosure may cause a serious threat to your health or safety. We will always tell you why access is denied and the options you have to respond to our decision.
Our practice will take reasonable steps to correct your personal information where the information is not accurate or up to date. From time to time, we will ask you to verify your personal information held by our practice to make sure it is correct and up to date. You may also request that we correct or update your information. We cannot, however, delete clinical information, but we can append your corrections.
Our website and subscribed emails
When you visit our website, anonymous data such as IP addresses and general browsing information is collected via tracking technologies such as cookies. We do this in order to better understand the demographics and behaviours of visitors to our site, which allows us to tailor the site’s design and message based on your needs.
If you would prefer your visits to our websites not be tracked, you can disable cookies in your browser explicitly or enable a more private browsing mode (available on all major browsers).
We may use personal information collected from you to provide you with information and updates on our services. We may also want to make you aware of promotions, additional products/services and opportunities available to you. You will always have the option to “opt out” from receiving such communications from us. For example, if you have signed up to a regular email or e-newsletter from us, there will always be the option to unsubscribe at the end of that email.
We cannot provide any assurance regarding the security of transmission of information you communicate to us online. We also cannot guarantee that the information you supply will not be intercepted while being transmitted over the internet. Accordingly, any personal information or other information which you transmit to us online is transmitted at your own risk.
Please be aware that we are not responsible for the privacy practices of any linked sites. We encourage users who leave our site to read the privacy statements of each and every linked website that they choose to visit. All links to external sites are provided for your convenience. The information, products and advertisements contained in the linked sites are neither approved nor endorsed by us, and we are not responsible for such information, products or advertisements.
How to contact us or lodge a privacy related complaint?
If you have any queries about your personal information or changes to the information we keep, don’t hesitate to contact us at firstname.lastname@example.org.
We take complaints and concerns regarding privacy seriously. You should express any privacy concerns you may have in writing. Please contact the practice and send all requests to our management team at email@example.com.
You may also contact the OAIC. For further information visit www.oaic.gov.au or call the OAIC on 1300 363 992. Email: firstname.lastname@example.org. Address: GPO Box 5218 Sydney NSW 2001