We are committed to protecting the privacy of patient information and to handling your personal information in a responsible manner in accordance with the Privacy Act 1988 (Cth)), the Privacy Amendment (Enhancing Privacy Protection) Act 2012, the Australian Privacy Principles and relevant State and Territory privacy legislation (referred to as privacy legislation).
This Privacy Policy explains how we collect, use and disclose your personal information, how you may access that information and how you may seek the correction of any information. It also explains how you make a complaint about a breach of privacy legislation.
This Privacy Policy is current from 1st March 2014. From time to time we may make changes to our policy, processes and systems in relation to how we handle your personal information. We will update this Privacy Policy to reflect any changes.
We collect information that is necessary and relevant to provide you with medical care and treatment and manage our medical practice. This information may include your name, address, date of birth, gender, medicare number, health care identifier (if applicable), health information, family history, credit card and direct debit details and contact details. This information may be stored on our computer medical records system.
Wherever practical we will only collect information from you personally. However, we may also need to collect information from other sources such as treating specialists, radiologists, pathologists, hospitals and other health care providers.
We collect information in various ways, such as over the phone or in writing, in person in our Norwood Family Practice rooms or over the internet if you interact with us online. This information may be collected by medical and non-medical staff.
In emergency situations we may also need to collect information from your relatives or friends.
We keep health information for a minimum of 7 years from the date of last entry in the patient record (unless the patient was a child in which case the record must be kept until the patient attains or would have attained 25 years of age). This is because we are required to maintain such records under some laws.
We will treat your personal information as strictly private and confidential. We will only use or disclose it for purposes directly related to your care and treatment, or in ways that you would reasonably expect that we may use it for your ongoing care and treatment. For example, the disclosure of blood test results to your specialist or requests for x-rays.
There are circumstances where we may be permitted or required by law to disclose your personal information to third parties. For example, to Medicare, Police, insurers, solicitors, government regulatory bodies, tribunals, courts of law or hospitals. We may also from time to time provide statistical data to third parties for research purposes.
We may disclose information about you to outside contractors to carry out activities on our behalf, such as an IT service provider (for example; computer maintenance). We impose security and confidentiality requirements on how they handle your personal information. Outside contractors are required not to use information about you for any purpose except for those activities we have asked them to perform.
If we receive unsolicited personal information we will determine whether it should have been permitted to collect the information. If the information is not contained in a Commonwealth Record, we will destroy or de-identify that information as soon as practicable, but only if it is lawful and reasonable to do so.
We will take reasonable steps to ensure that your personal information is accurate, complete, up-to-date and relevant. For this purpose our staff may ask you to confirm that your contact details are correct when you attend a consultation. We request that you let us know if any of the information we hold about you is incorrect or out of date.
Personal information that we hold is protected by:
Securing our premises
Placing passwords and varying access levels on databases to limit access and protect electronic information from unauthorised interference, access, modification and disclosure
If you believe that the information we have about you is not accurate, complete or up-to-date, we ask you contact us in writing. Reasonable steps to correct personal information will be taken if we are satisfied that it needs to be corrected having regard to purpose for which it is held, it is accurate, up-to-date, complete, relevant and not misleading.
You are entitled to request access to your medical records. We request that you put your request in writing and we will respond to it within a reasonable time.
There may be a fee for the administrative costs of retrieving and providing you with copies of your medical records.
We may deny access to your medical records in certain circumstances permitted by law, for example, if disclosure may cause a serious threat to your health or safety. We will always tell you why access is denied and the options you have to respond to our decision.
If you have a complaint about the privacy of your personal information, we request that you contact us in writing. Upon receipt of a complaint we will consider the details and attempt to resolve it in accordance with our complaints handling procedures.
If you are dissatisfied with our handling of a complaint or the outcome you may make an application to the Australian Information Commissioner or the Privacy Commissioner in South Australia.
We will not transfer your personal information to an overseas recipient unless we have your consent or we are required to do so by law. If it was deemed necessary for us to disclose personal information to an overseas recipient, reasonable steps will be undertaken to ensure that the overseas recipient does not breach the privacy legislation.
A patient has the right to be dealt with anonymously or by using a pseudonym, provided that this is lawful and practicable. However in the health context this is unlikely to be practicable and may in some circumstances be dangerous to the patients’ health. All requests of this nature will be referred to the treating Doctor.
The Norwood Family Practice will not adopt, use or disclose a government related identifier to an individual unless an exception applies.
The Norwood Family Practice will not disclose personal information for direct marketing purposes unless the individual has consented to their personal information being used for direct marketing. Individuals have opt-out mechanisms.
This Practice has made this and other material available to patients to inform them of our policies on the management of personal information. On request we will generally let patients know what sort of personal information we hold, and for what purposes, and how we collect, hold, use and disclose that information.
Please direct any queries, complaints, requests for access to medical records to:
Merici Quigley (Practice Manager)
The Norwood Family Practice ensures that communication with patients via electronic means is conducted with appropriate regard to privacy.
Electronic communication could be intercepted or read by someone other than the intended recipient and it is at your discretion for proceeding with electronic communication. Norwood Family Practice cannot guarantee that electronic communication will be private.
Our Practice Policy for sending and receiving email communications with patients is as follows:
. Patient email address will be verified by the Practice before sending an email
. Patients are able to obtain advice or information related to their care by electronic means, this includes email. All significant electronic contact with patients is recorded in the patient health record.
. Norwood Family Practice have an automatic email response system set up so that whenever an email is received in the Practice, the sender receives an automated message reinforcing information regarding the risks.
If you agree to receiving and sending email to Norwood Family Practice please sign the consent from at Reception when you next attend the Surgery.