Our practice is committed to best practice in relation to the management of information we collect. This practice has developed a policy to protect privacy in compliance with the Privacy Act 1988 (Cth) (‘the Privacy Act’).
This policy is to inform you of:
- the kinds of information that we collect and hold, which, as a preventative health practice, is likely to be ‘health information’ for the purposes of the Privacy Act;
- how we collect and hold personal information;
- the purposes for which we collect, hold, use and disclose personal information;
- how you may access your personal information and seek the correction of that information;
- how you may complain about a breach of the Australian Privacy Principles and how we will deal with such a complaint; and
- whether we are likely to disclose personal information to overseas recipients.
This policy applies not only to our clients (including prospective clients) but to our employees, contractors and job applicants also.
2. What kinds of personal information do we collect?
The type of information we collect and hold may include:
- Your name, address, date of birth, email and contact details
- Medicare number, private health insurance details, DVA number and other government identifiers, although we will not use these for the purposes of identifying you in our practice
- Other health information about you, including:
- notes of your symptoms or diagnosis and the treatment given to you
- your specialist reports and test results
- your appointment and billing details
- your prescriptions and other pharmaceutical purchases
- your dental records
- your genetic information
- your healthcare identifier
- any other information about your race, sexuality, or religion, when collected by a health service provider.
- With respect to our employees, contractors, and job applicants, we may also obtain other information relevant to the role, the work you do for us or your application to work for us.
3. How do we collect personal information?
We will generally collect personal information:
- from you directly when you provide your details to us. This might be via a face-to-face discussion during a consultation, telephone conversation, registration form, online form or questionnaire.
- Through the portal on our website
- from a person responsible for you
- from third parties where the Privacy Act or other law allows it – this may include but is not limited to: other members of your treating team, diagnostic centres, specialists, hospitals, the My Health Record system, electronic prescription services, Medicare, your health insurer, and the Pharmaceutical Benefits Scheme.
4. Why do we collect, hold, use, and disclose personal information?
In general, we collect, hold, use, and disclose your personal information for the following purposes:
- to provide health services to you
- to communicate with you in relation to the health service being provided to you
- to comply with our legal obligations, including, but not limited to, mandatory notification of communicable diseases or mandatory reporting under applicable child protection legislation.
- to help us manage our accounts and administrative services, including billing, arrangements with health funds, pursuing unpaid accounts, management of our ITC systems.
- for consultations with other doctors and allied health professional involved in your healthcare.
- to obtain, analyse and discuss test results from diagnostic and pathology laboratories
- for identification and insurance claiming
- If you have a My Health Record, to upload your personal information to, and download your personal information from, the My Health Record system.
- Information can also be disclosed through an electronic transfer of prescriptions service.
- To liaise with your health fund, government, and regulatory bodies such as Medicare, the Department of Veteran’s Affairs, the National Disability Insurance Scheme (NDIS) and the Office of the Australian Information Commissioner (OAIC) (if you make a privacy complaint to the OAIC), as necessary.
- for any purpose disclosed to you and to which you have consented.
- for any purpose that you would otherwise reasonably expect (and, in the case of your sensitive information, is directly related to the primary purpose for which it was collected); and
- otherwise, to run our business.
5. Privacy, social media and website
We may also collect information about you from your interaction with our website, social media pages or email correspondence.
The information we obtain may include:
- Collating browser statistics and user behaviour
- Collecting device data (device type, operating system, unique device identifiers, geolocation data [IP addresses])
- Collect personal information (name, email address, phone number).
We also use third-party services for tracking/analytical services and performance and functionality cookies for analytics, visitor tracking, language, time zone and enhanced content.
6. How can you access and correct your personal information?
You have a right to seek access to, and correction of the personal information which we hold about you.
For details on how to access and correct your health record, please contact our practice as noted below under ‘Contact Details’:
We will normally respond to your request within 30 days.
7. How do we hold your personal information?
Our staff are trained and required to respect and protect your privacy. We take all reasonable steps to protect information held from misuse and loss and from unauthorised access, modification or disclosure. This includes:
- Holding your information on an encrypted database
- Holding your information in secure cloud storage
- Our practice strives to be a ‘paperless office’ but where necessary we hold any of your information that is printed form, in a lockable cabinet
- Our staff’s employment agreements contain obligations regarding their duty of confidentiality
- Our practice retains documents as it is required to by law
- All practice computers are password protected.
- Emails that contain health information are sent with a password that is sent separately to the client.
8. Anonymity and pseudonyms
The Privacy Act provides that individuals must have the option of not identifying themselves, or of using a pseudonym. Generally speaking we believe that it is impracticable to provide our services to you without identifying you. However, if this is something you require, please discuss with the practice director prior to your first booking.
9. Overseas disclosure
We may disclose your personal information to any practice or individual overseas who assists us in providing services (such as where you have come from overseas and had your health record transferred from overseas or have treatment continuing from an overseas provider), or to anyone else overseas to whom you authorise us to disclose it.
10. Updates to this Policy
This Policy will be reviewed from time to time to take account of new laws and technology, changes to our operations and other necessary developments. Updates will be publicised on the practice’s website.
11. Contact details for privacy related issues
If you have any questions about privacy-related issues or wish to complain about a breach of the Australian Privacy Principles or the handling of your personal information by us, you may lodge your complaint in writing to (see below for details). We will normally respond to your request within 30 days.
Name: Dr Lena Attebo
Phone: 8866 2222
Address: Suite G02 7 Westbourne St Leonards NSW 2065
If you are dissatisfied with our response, you may refer the matter to the OAIC:
Phone: 1300 363 992
Fax: +61 2 9284 9666
Post: GPO Box 5218
Sydney NSW 2001