The Family &  Diabetic GP Clinic Privacy Policy

CURRENT AS OF 19 AUGUST 2023

​

Australian Privacy Principles (APP Policy)

All practices must have a Privacy Policy in place to be compliant with the Privacy Act 1988.  This policy needs to set out how and what type of personal and health information is collected, stored, accessed and managed.

​

Essential Information

For further information, please refer to the Australian Privacy Principles (APPs) website. 

​

Introduction

This privacy policy is to provide information to you, our patient, on how your personal information (which includes your health information) is collected and used within our practice, and the circumstances in which we may share it with third parties.

The purpose of this Privacy Policy is to clearly communicate how The Family & Diabetic GP Clinic collects and manages personal information.

​

The point of contact regarding any queries regarding this policy is our Practice Manager.

​

Why and when your consent is necessary

When you register as a patient of our practice, you provide consent for our GPs and practice staff to access and use your personal information so they can provide you with the best possible healthcare. Only staff who need to see your personal information will have access to it. If we need to use your information for anything else, we will seek additional consent from you to do this.  We must obtain patient consent for any real-time audio/visual recording, duplication and storage of a consultation, including those via telehealth and those conducted remotely

​

What is a Patient Health Record?

A patient health record is a record of an individual’s health information that is stored to enable us (the health care provider) to provide health care services to you, the individual. It includes your personal information (which is listed below) and also includes your personal health information (such as a medical or personal opinion) relating to your health, disability or health status.  Your personal health information includes information or an opinion about your medical history, a health service provided, or to be provided to you, and other personal information collected to provide, or in the provision of a health service.

 

Why do we collect, use, hold and share your personal information?

Our practice will need to collect your personal information to provide healthcare services to you. Our main purpose for collecting, using, holding and sharing your personal information is to manage your health. We also use it for directly related business activities, such as financial claims and payments, practice audits and accreditation, and business processes (eg staff training).

​

What personal information do we collect?

The information we will collect about you includes your:

​

·      names, date of birth, addresses, contact details;

·      your personal health information as noted above including medical information including medical history,        medications, allergies, adverse events, immunisations, social history, family history and risk factors; and/or

·      healthcare identifiers; and/or,

·      health fund details.

​

​

Dealing with us anonymously

You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals.

​

How do we collect your personal information?

Our practice may collect your personal information in several different ways.

​

1. When you make your first appointment our practice staff will collect your personal and demographic information via your registration.

2. During the course of providing medical services, we may collect further personal information. Information can also be collected through electronic transfer of prescriptions (eTP), My Health Record (eg via Shared Health Summary, Event Summary).  Currently, our practice participates in My Health Record. 

3. We may also collect your personal information when you visit our website, send us an email or SMS, telephone us, make an online appointment or communicate with us using social media.

4. In some circumstances personal information may also be collected from other sources. Often this is because it is not practical or reasonable to collect it from you directly. This may include information from:

·      your guardian or responsible person

·      other involved healthcare providers, such as specialists, allied health professionals, hospitals, community health                    services and pathology and diagnostic imaging services

·      your health fund, Medicare, or the Department of Veterans’ Affairs (as necessary).

​

When, why and with whom do we share your personal information?

We sometimes share your personal information:

​

·      with third parties who work with our practice for business purposes, such as accreditation agencies or information ·      technology providers – these third parties are required to comply with APPs and this policy

·      with other healthcare providers

·      when it is required or authorised by law (eg court subpoenas)

·      when it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is          impractical to obtain the patient’s consent

·      to assist in locating a missing person

·      to establish, exercise or defend an equitable claim

·      for the purpose of confidential dispute resolution process

·      when there is a statutory requirement to share certain personal information (eg some diseases require mandatory                          notification)

·      during the course of providing medical services, through eTP, My Health Record (eg via Shared Health Summary, Event                Summary).  Currently, our practice participates in My Health Record but not eTP.

​

Only people who need to access your information will be able to do so. Other than in the course of providing medical services or as otherwise described in this policy, our practice will not share personal information with any third party without your consent.

​

We will not share your personal information with anyone outside Australia without need and without your consent (unless under exceptional circumstances that are permitted by law).  Currently we do not send information overseas and if we are required to do so, we will obtain your consent.

​

Our practice will not use your personal information for marketing any of our goods or services directly to you without your express consent. If you do consent, you may opt out of direct marketing at any time by notifying our practice in writing.

Our practice evaluates all unsolicited information it receives to decide if it should be kept, acted upon or destroyed.

The Family & The Diabetic GP Clinic will employ all reasonable endeavours to ensure that a patient’s personal information is not disclosed without their prior consent.

​

How do we use document automation technologies?

Our practice has implemented a clinical information system that uses document automation technology to assist in our workflows and internal systems. Our selected medical software utilises document automation technologies so that documents drafted by us, such as referrals, contain only your relevant medical information.

​

These document automation technologies are established through our secure medical software built-in word processor. The built-in word processor allows The Family & Diabetic GP Clinic to set up automated, simple and computed variables. These automated variables are set up to strictly disclose only relevant medical information related to and required in the document selected.

 

Our medical software is user-unique password protected. Authorised access via individual passwords has been granted on a role-specific basis.  

​

How do we store and protect your personal information?

The Family & Diabetic GP Clinic complies with the Australian privacy legislation to protect your information.  All data, both electronic and paper are stored and managed in accordance with the Royal Australian College of General Practitioners RACGP Computer and Information Security Standards and the requirements of our practice’s Business Continuity Plan. 

​

How do we store your personal information?

At The Family & Diabetic GP Clinic, your personal information may be stored in various forms.  These forms include as an electronic record, paper records, visual x-rays and video and/or audio recordings.  All personal information is stored security. 

 

Our practice does try to avoid paper files and all information relating to a patient is scanned into their chart on our secure practice management system and then the paper file is securely disposed of by shredding.  Visual records, such as x-rays, ct scans and eye images are all stored electronically in each patient’s chart.

​

How do we protect your personal information?

Our practice has documented policies and procedures in place to protect and manage the privacy, security, quality and integrity of the personal health information we hold. 

​

By way of further assurance, and since establishment, The Family & Diabetic GP Clinic has engaged a reputable IT service provider to securely monitor and manage our systems and network to ensure the safety, security and integrity of the personal health information we hold.

​

Our electronic files are password/passphrase-protected on several levels (which are changed on a regular basis).  We keep frequent backups of all critical information and systems, and those backups are stored securely off site and not connected to the network to prevent their loss due to fire, theft or malware.

​

All our employees, service providers and contractors at The Family & Diabetic GP Clinic are bound by a strict legal duty of confidentiality.   As such, we require and ensure that each person has read, understood and signed a Privacy and Confidentiality Agreement.

​

How can you access and correct your personal information at our practice?

You have the right to request access to, and correction of, your personal information.

The point of contact for patient access to personal information is:

​

Practice Manager

Phone: 4724 0700

Email: practicemanager@diabeticgp.com.au

​

Our practice acknowledges patients may request access to their medical records. Our practice will take reasonable steps to correct your personal information where the information is not accurate or up to date. From time to time, we will ask you to verify that your personal information held by our practice is correct and current.

​

If you make your request to access or correct your personal information over the phone or in person, you will be asked to put your request in writing. You may also be asked to provide proof of your identity.

​

If you are making a request on behalf of another person, your request must be made in writing, and must include evidence of your authority to act on the other person's behalf.

​

Your request should be in writing and to the attention of “The Practice Manager”.  It should be provided either by email practicemanager@diabeticgp.com.au, in person to the practice, or by post PO Box 262 Belgian Gardens Townsville 4810.  Your request should include:-

​

• Your full name, address and date of birth.

• For access requests: a description of the information you're requesting and whether you require a summary, a full copy or if you want to view your records in person.

• For correction requests: a description of the information you want to correct, the correct information and proof the existing information is inaccurate, incomplete, misleading or out-of-date.

​

Our practice will respond to all requests within a reasonable time, (approximately 30 days). 

​

The Family & Diabetic GP Clinic may charge a fee to give you access to your information but you will not be charged a fee for simply making a request.

​

Depending on the content of your request, our practice may charge you a fee to give you access to your personal health information, but this fee can’t be excessive.  It may include the cost of:-

​

• staff searching for, locating and retrieving the requested information, and deciding which health information is relevant to the request

• staff reproducing and sending the health information

• the postage or materials involved in giving access

• using an intermediary, if necessary

​

Can we refuse your request?

The Family & Diabetic GP Clinic can refuse to give you access to your health information in some situations, such as if:

• it may threaten your or someone else’s life, health or safety

• it may impact someone else’s privacy

• giving access would be unlawful

​

If giving you certain information would impact someone else’s privacy, our practice may block out that part and give you the rest of the information. If it’s not possible to give information directly to you because of a concern for your health or safety then our practice might give access through an agreed third party.

​

If our practice refuses to give you access we will give you a written notice telling you why, and how you can complain about our refusal.

​

How can you lodge a privacy-related complaint, and how will the complaint be handled at our practice?

We take complaints and concerns regarding privacy seriously. You should express any privacy concerns you may have in writing. We will then attempt to resolve it in accordance with our resolution procedure.

​

You may make a complaint in person, over the phone or in writing.

​

If you put the complaint in writing, it should be addressed to the attention of “The Practice Manager” and can be sent either by email practicemanager@diabeticgp.com.au, or by post PO Box 262 Hyde Park Townsville 4812 or delivered in person at Suite 14, The Hyde Park Centre, Woolcock Street, Hyde Park Townsville 4812.

​

When you make the complaint, please make sure you:

• identify yourself

• give a brief description of the matter and why you think The Family & Diabetic GP Clinic has mishandled your personal information (what happened, when it happened and any consequences)

• let us know what you’d like us to do to resolve the matter

​

If your complaint is in writing, please also include:-

• a contact address

• a contact phone number

• the date (if you’re sending a letter)

​

Our practice will respond to all requests within a reasonable time, (approximately 30 days). 

You may also contact:-

• The OAIC. Generally, the OAIC will require you to give them time to respond before they will investigate. For further information visit www.oaic.gov.au or call the OAIC on 1300 363 992.

• The Office of the Health Ombudsmen, Queensland - For further information visit www.oho.qld.gov.au or call the OHO on 133 646.

• ​

Further information on privacy legislation is also available from Office of the Information Commissioner Queensland phone: 07 3234 7373 www.oic.qld.gov.au

​

Privacy, our website and social media

The Family & Diabetic GP Clinic’s website and facebook page contains links to other websites on the internet. The internet is inherently insecure and these linked sites are not under our control.  We are not responsible for the conduct of third party websites or companies linked to our website.  Accordingly, we make no representations or warranties in relation to the privacy practices of any third party website. 

​

Before you disclose your personal information on any other website, we would recommend that you take time to consider the privacy policy and terms and conditions of that website.

​

No data or transmission over the internet can be guaranteed to be secure.  We cannot guarantee that any information you communicate to us online will not be intercepted while being transmitted over the internet.  Any information, (personal or otherwise) which you transmit to us online is transmitted at your own risk. 

​

Finally, we may measure and record information about the number of visitors and their use of our website for trends and statistics for marketing purposes or for the purpose of making our website more relevant and user-friendly.

​

Policy review statement

This Privacy Policy will be reviewed every 6 months to ensure remains applicable to current practice procedure and legal requirements.

Any changes that are made to our privacy policy will be updated on our website. We will notify patients via email of any changes made to our policy.

​

Next Review Date: 1 March 2024