We are committed to protecting the privacy of patient information and to handling your personal information in a responsible manner in accordance with the Privacy Act 1988 (Cth)), the Privacy Amendment (Enhancing Privacy Protection) Act 2012, the Australian Privacy Principles and relevant State and Territory privacy legislation (referred to as privacy legislation).
We collect information that is necessary and relevant to provide you with medical care and treatment and manage our medical practice. This information may include your name, address, date of birth, gender, medicare number, health care identifier (if applicable), health information, family history, credit card and direct debit details and contact details. This information may be stored on our computer medical records system.
Wherever practical we will only collect information from you personally. However, we may also need to collect information from other sources such as treating specialists, radiologists, pathologists, hospitals and other health care providers.
We collect information in various ways, such as over the phone or in writing, in person in our Erindale Family Practice rooms or over the internet if you interact with us online. This information may be collected by medical and non-medical staff.
In emergency situations we may also need to collect information from your relatives or friends.
We keep health information for a minimum of 7 years from the date of last entry in the patient record (unless the patient was a child in which case the record must be kept until the patient attains or would have attained 25 years of age). This is because we are required to maintain such records under some laws.
Use and Disclosure
We will treat your personal information as strictly private and confidential. We will only use or disclose it for purposes directly related to your care and treatment, or in ways that you would reasonably expect that we may use it for your ongoing care and treatment. For example, the disclosure of blood test results to your specialist or requests for x-rays.
There are circumstances where we may be permitted or required by law to disclose your personal information to third parties. For example, to Medicare, Police, insurers, solicitors, government regulatory bodies, tribunals, courts of law or hospitals. We may also from time to time provide statistical data to third parties for research purposes.
We may disclose information about you to outside contractors to carry out activities on our behalf, such as an IT service provider (for example; computer maintenance). We impose security and confidentiality requirements on how they handle your personal information. Outside contractors are required not to use information about you for any purpose except for those activities we have asked them to perform.
If we receive unsolicited personal information we will determine whether it should have been permitted to collect the information. If the information is not contained in a Commonwealth Record, we will destroy or de-identify that information as soon as practicable, but only if it is lawful and reasonable to do so.
Data Quality and Security
We will take reasonable steps to ensure that your personal information is accurate, complete, up-to-date and relevant. For this purpose our staff may ask you to confirm that your contact details are correct when you attend a consultation. We request that you let us know if any of the information we hold about you is incorrect or out of date.
Personal information that we hold is protected by:
Securing our premises
Placing passwords and varying access levels on databases to limit access and protect electronic information from unauthorised interference, access, modification and disclosure
If you believe that the information we have about you is not accurate, complete or up-to-date, we ask you contact us in writing. Reasonable steps to correct personal information will be taken if we are satisfied that it needs to be corrected having regard to purpose for which it is held, it is accurate, up-to-date, complete, relevant and not misleading.
You are entitled to request access to your medical records. We request that you put your request in writing and we will respond to it within a reasonable time.
There may be a fee for the administrative costs of retrieving and providing you with copies of your medical records.
We may deny access to your medical records in certain circumstances permitted by law, for example, if disclosure may cause a serious threat to your health or safety. We will always tell you why access is denied and the options you have to respond to our decision.
If you have a complaint about the privacy of your personal information, we request that you contact us in writing. Upon receipt of a complaint we will consider the details and attempt to resolve it in accordance with our complaints handling procedures.
If you are dissatisfied with our handling of a complaint or the outcome you may make an application to the Australian Information Commissioner or the Privacy Commissioner in South Australia.
Overseas Transfer of Data
We will not transfer your personal information to an overseas recipient unless we have your consent or we are required to do so by law. If it was deemed necessary for us to disclose personal information to an overseas recipient, reasonable steps will be undertaken to ensure that the overseas recipient does not breach the privacy legislation.
Anonymity and pseudonymity
A patient has the right to be dealt with anonymously or by using a pseudonym, provided that this is lawful and practicable. However in the health context this is unlikely to be practicable and may in some circumstances be dangerous to the patients’ health. All requests of this nature will be referred to the treating Doctor.
Adoption, Use or Disclosure of Government Related Identifiers
Family Healthcare Erindale will not adopt, use or disclose a government related identifier to an individual unless an exception applies.
Family Healthcare Erindale will not disclose personal information for direct marketing purposes unless the individual has consented to their personal information being used for direct marketing. Individuals have opt-out mechanisms.
This Practice has made this and other material available to patients to inform them of our policies on the management of personal information. On request we will generally let patients know what sort of personal information we hold, and for what purposes, and how we collect, hold, use and disclose that information.
Please direct any queries, complaints, requests for access to medical records to:
Merici Quigley (Practice Manager)
Ph: (08) 8431 2077
Social Medical Policy
If the views displayed on personal social media page do not directly reflect those of the general practice, boards or committees that you are a part of, this disclaimer must be inserted. ‘This account reflects my personal views and not the views of my employer, or any businesses, committees or boards with which I am involved.’
Social media’ is defined as online social networks used to disseminate information through online interaction.
Regardless of whether social media is used for business related activity or for personal reasons, the following standards apply to members of our practice team, including general practitioners. Practitioners and team members are legally responsible for their postings online. Practitioners and team members may be subject to liability and disciplinary action including termination of employment or contract if their posts are found to be in breach of this policy.
When using the practice’s social media, all members of our practice team will not:
- Post any material that:
- Is unlawful, threatening, defamatory, pornographic, inflammatory, menacing, or offensive
- Infringes or breaches another person’s rights (including intellectual property rights) or privacy, or misuses the practice’s or another person’s confidential information (e.g. do not submit confidential information relating to our patients, personal information of staff, or information concerning the practice’s business operations that have not been made public)
- Is materially damaging or could be materially damaging to the practice’s reputation or image, or another individual
- Is in breach of any of the practice’s policies or procedures
- Use social media to send unsolicited commercial electronic messages, or solicit other users to buy or sell products or services or donate money
- Impersonate another person or entity (for example, by pretending to be someone else or another practice employee or other participant when you submit a contribution to social media) or by using another’s registration identifier without permission
- Tamper with, hinder the operation of, or make unauthorised changes to the social media sites
- Knowingly transmit any virus or other disabling feature to or via the practice’s social media account, or use in any email to a third party, or the social media site
- Attempt to do or permit another person to do any of these things:
- Claim or imply that you are speaking on the practice’s behalf, unless you are authorised to do so
- Disclose any information that is confidential or proprietary to the practice, or to any third party that has disclosed information to the practice
- Be defamatory, harassing, or in violation of any other applicable law
- Include confidential or copyrighted information (e.g. music, videos, text belonging to third parties), and
- Violate any other applicable policy of the practice.
Any social media must be monitored in accordance with the practice’s current polices on the use of internet, email and computers.
Our practice complies with the Australian Health Practitioner Regulation Agency (AHPRA) national law, and takes reasonable steps to remove testimonials that advertise our services (which may include comments about the practitioners themselves). Our practice is not responsible for removing (or trying to have removed) unsolicited testimonials published on a website or in social media over which we do not have control.
Any social media posts by members of our practice team on their personal social media platforms should:
- Include the following disclaimer example in a reasonably prominent place if they are identifying themselves as an employee of the practice on any posting: ‘The views expressed in this post are mine and do not reflect the views of the practice/business/committees/boards that I am a member of’, and
- Respect copyright, privacy, fair use, financial disclosure and other applicable laws when publishing on social media platforms.