Privacy

Lismore GP Super Clinic Privacy Policy

Current as of: 21 September 2023. This policy is reviewed regularly to ensure it is in accordance with changes that occur.

Introduction

Lismore GP Super Clinic (referred to in this policy as 'The Practice' or 'we') is committed to best practice in relation to the management of information we collect. The Practice has developed this policy to protect Patient privacy in compliance with The Privacy Act 1988 (Cth). All Personnel that has current access to the Practice information systems is bound to comply with all privacy security policies and have signed documentation to support their compliance obligations. This policy is to inform you (as the Patient or Visitor) of:

• the kinds of information that we collect and hold, which as a Medical Practice, is likely to be 'health information' for the purposes of the Privacy Act;
• how we collect and hold personal information;
• the purposes for which we collect, hold, use and disclose personal information;
• how you may access your personal information and seek the correction of that information;
• how you may complain about a breach of the Australian Privacy Principles and how we will deal with such a complaint;
• whether we are likely to disclose personal information to overseas recipients;

Why and when your consent is necessary

When you register as a patient of our practice, you provide consent for our GPs and practice staff to access and use your personal information so they can provide you with the best possible healthcare. Only staff who need to see your personal information will have access to it. If we need to use your information for anything else, we will seek additional consent from you to do this.

Why do we collect, use, hold and share your personal information?

Our practice will need to collect your personal information to provide healthcare services to you. Our main purpose for collecting, using, holding and sharing your personal information is to manage your health. We also use it for directly related business activities, such as financial claims and payments, practice audits and accreditation, and business processes (e.g. staff training).

What personal information do we collect?

The information we will collect about you includes you're:

• Names, addresses, date of birth, email and contact details
• Medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors
• Medicare number (where available) for identification and claiming purposes
• Healthcare identifiers - Concession numbers, pension numbers and DVA card numbers, although we will not use these for the purposes of identifying you in this practice.
• Health fund details.
  • Other health information about you, including:
    • notes of your symptoms or diagnosis and the treatment given to you
    • your specialist reports and investigation results
    • your appointment and billing details inclusive of direct debit and credit card
    • your prescriptions and other pharmaceutical purchases
    • your dental records
    • your genetic information
    • your healthcare identifier
    • Any other information about your race, sexuality or religion, when collected by a health service provider.

Dealing with us anonymously

You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals.

The Privacy Act gives provision that individuals must have the option of not identifying themselves, or of using a pseudonym, when dealing with our Practice, except in certain circumstances, such as where it is impracticable for us to deal with you if you have not identified yourself and the provision of medical services is likely to be impacted and furthermore, billing via Medicare or a health insurer is likely to be impracticable - in these instances a patient seeking certain treatments may need to be prepared to forego notifying their insurer or seeking a Medicare benefit and pay the Practice direct for the service.

How do we collect your personal information?

Our practice may collect your personal information in several different ways.

1. When you make your first appointment our practice staff will collect your personal and demographic information via your registration.
2. During the course of providing medical services, we may collect further personal information. Via electronic transfer of prescriptions, My Health Record, Medical Objects, Health Link and Shared Health Summary.
3. We may also collect your personal information when you visit our practice or website, send us an email or SMS, telephone us.
4. In some circumstances personal information may also be collected from other sources. Often this is because it is not practical or reasonable to collect it from you directly. This may include information from:
   • your guardian or responsible person
   • other involved healthcare providers, such as specialists, allied health professionals, hospitals, community health services and pathology and diagnostic imaging services
   • your health fund, Medicare, or the Department of Veterans' Affairs (as necessary).

When, why and with whom do we share your personal information?

In general, we collect, hold, use and disclose your personal information for the following purposes:

• to provide health services to you;
• to communicate with you in relation to the health service being provided to you;
• with third parties who work with our practice for business purposes, such as accreditation agencies or information technology providers - these third parties are required to comply with Australian Privacy Principles (APPs) and this policy
• with other healthcare providers
• when it is required or authorised by law (e.g. court subpoenas)
• when it is necessary to lessen or prevent a serious threat to a patient's life, health or safety or public health or safety, or it is impractical to obtain the patient's consent
• to assist in locating a missing person
• to establish, exercise or defend an equitable claim
• for the purpose of confidential dispute resolution process
• when there is a statutory requirement to share certain personal information (e.g. some diseases require mandatory notification)
• during the course of providing medical services, through eTP, My Health Record (e.g. via Shared Health Summary, Event Summary, Medical Objects, eRx prescribing, Pathology and Radiology providers).

Only people who need to access your information will be able to do so. Other than in the course of providing medical services or as otherwise described in this policy, our practice will not share personal information with any third party without your consent.

We will not share your personal information with anyone outside Australia (unless under exceptional circumstances that are permitted by law) without your consent.

When, why and with whom do we share your personal information? Cont.

Our practice will not use your personal information for marketing any of our goods or services directly to you without your express consent. If you do consent, you may opt out of direct marketing at any time by notifying our practice in writing.

Our practice may use your personal information to improve the quality of the services we offer to our patients through research and analysis of our patient data.

We may provide de-identified data to other organisations to improve population health outcomes. The information is secure, patients cannot be identified and the information is stored within Australia. Patients do have an option to opt out of the de-identified data collection by notifying the Practice in writing.

How do we store and protect your personal information?

Your personal information may be stored at our practice in various forms.

• Our practice stores all personal information securely via electronic records

All Practice personnel are legally bound to respect and protect your privacy at all times by all necessary and reasonable measures. All Personnel sign a confidentiality agreement upon their commencement before access is granted, this also protects information post their employment or contract is ceased. The Practice will take reasonable steps to protect information held from misuse and loss as well as unauthorized access, modification or disclosure. This includes but not limited to:

• Holding your information on an encrypted database - backed up daily for disaster recovery
• Holding your information in a secured access area - security access card/key only for authorised only personnel (Management).
• Our staff, contractors and visitors sign confidentiality agreements - reviewed and updated annually
• Our practice has document retention and destruction policies - confidential waste handled and removed by accredited external waste company in accordance to information security
• Regular audit controls to ensure security in maintained on an ongoing basis
• Automatic locking on all computers when delay in activity
• Use secure encrypted programs for safe transmission of information in accordance to eHealth regulations, via Medical Objects, Health Links etc.
• Faxing via a secure GoFax program
• External mobile devices prohibited to use for transmission of personal sensitive data
• Personal email addresses prohibited to use for transmission of personal sensitive data

How can you access and correct your personal information at our practice?

You have the right to request access to, and correction of, your personal information.

Our practice acknowledges patients may request access to their medical records. We require you to put this request in writing or complete a patient authorisation to obtain medical records form. Our practice will respond within a reasonable timeframe around 30 days

Our practice will take reasonable steps to correct your personal information where the information is not accurate or up to date. From time to time, we will ask you to verify that your personal information held by our practice is correct and current. You may also request that we correct or update your information, and you should make such requests in writing to the Practice Manager via email to: manager@lismoregpsc.com.au

How can you lodge a privacy-related complaint, and how will the complaint be handled at our practice?

If you have any concerns about privacy-related issues or wish to complain about a breach of the Australian Privacy Principles or the handling of your personal information by us, you may lodge your complaint in writing to;

The Practice Manager
Lismore GP Super Clinic
33-35 Rous Road
GOONELLABAH NSW 2480
Email: manager@lismoregpsc.com.au

We will attempt to resolve it in accordance with our resolution procedure.

Note: Allow up to 30 days for a response to your request

If you are dissatisfied with our response, you may refer the matter to the OAIC (Office of the Australian Information Commissioner):

OAIC
GPO Box 5218, SYDNEY NSW 2480
Phone: 1300 363 992
Fax: 02 9284 9666
Email: enquiries@oaic.gov.au
Website: https://www.oaic.gov.au/individuals/how-do-i-make-a-privacy-complaint

Privacy and our website

This Policy can be found on the Lismore GP Super Clinic Website - www.lismoregpsc.com.au

Also available is information on how you can access your health information, how you can change or alter your medical records, forms to request access to records and contact information for you if you have any concerns with the handling of your personal information and medical records.

Policy review statement

This Policy will be reviewed from time to time to take account of new laws and technology, changes to our operations and other necessary developments. Updates will be publicised on the practice's website.

Disclaimer

The Privacy policy template for general practices is intended for use as a guide of a general nature only and may or may not be relevant to particular practices or circumstances. The Royal Australian College of General Practitioners (RACGP) has used its best endeavour to ensure the template is adapted for general practice to address current and anticipated future privacy requirements. Persons adopting or implementing its procedures or recommendations should exercise their own independent skill or judgement, or seek appropriate professional advice. While the template is directed to general practice, it does not ensure compliance with any privacy laws, and cannot of itself guarantee discharge of the duty of care owed to patients. Accordingly, the RACGP disclaims all liability (including negligence) to any users of the information contained in this template for any loss or damage (consequential or otherwise), cost or expense incurred or arising by reason of reliance on the template in any manner.