Our Privacy Policy

Introduction

This practice is bound by the Federal Privacy Act (1988) and the Australian Privacy Principles (APPs) and also complies with the Information Privacy Act 2009.  Crofton Medical Centre recognises the importance of protecting the privacy and the rights of individuals in relation to their personal information. This privacy policy is to provide information to you, our patient, on how your personal information (which includes your health information) is collected and used within our practice, and the circumstances in which we may share it with third parties.

What is your personal information?

Personal information is information that identifies you or could reasonably identify you. Personal health information a particular subset of personal information can include any information collected and held to provide a health service. Our privacy policy covers all people who use our services or otherwise provide their personal information to us.

Why do we collect, use, hold and share your personal information?

Our practice will need to collect your personal information to provide healthcare services to you. Our main purpose for collecting, using, holding and sharing your personal information is to manage your health. We also use it for directly related business activities, such as financial claims and payments, practice audits and accreditation, and business processes (eg staff training).

What personal information do we collect and hold?

The information Crofton Medical Centre collects includes medical details, family information, name, address, employment or other demographic data, past medical and social history, current health issues and future medical care, Medicare number, account details and any health information such as medical or personal opinions about a person’s, disability or health status.

We may also collect some information that is not considered personal information as it does not identify you or anyone else. For example, we may collect de-identified responses to patient feedback surveys.

How do we collect your personal information?

Our practice will collect your personal information:

• When you make your first appointment our practice staff will collect your personal and demographic information via your registration.
• During the course of providing medical services, we may collect further personal information.
• Information can also be collected through Electronic Transfer of Prescriptions, MyHealth Record/PCEHR system, eg via Shared Health Summary, Event Summary. We may also collect your personal information when you visit our website, send us an email or SMS, telephone us or make an online appointment.
• In some circumstances personal information may also be collected from other sources. Often this is because it is not practical or reasonable to collect it from you directly. This may include information from:

           a.     your guardian or responsible person

           b.     other involved healthcare providers, such as specialists, allied health professionals, hospitals,                   community health services and pathology and diagnostic imaging services

           c.      your health fund, Medicare, or the Department of Veteran's Affairs (as necessary).

Dealing with us anonymously

You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals.

What happens if we can’t collect your personal information?

If you do not provide us with the personal information described above, the following may happen:

• Crofton Medical Centre, may not be able to provide the requested service to you
• Your diagnosis or treatment may be inaccurate or incomplete

For what purpose do we collect, hold, use and disclose your personal information?

• To provide medical services and treatment to you
• For administrative and billing purposes
• Update our records and keep your details up to date
• To process and respond to any complaints made
• To comply with any law, rule and regulations
• For the purpose of data research and analysis
• For inclusion in a recall register for prevention of chronic disease
• For the purpose of reporting back to your employer
• To answer any queries about the services we provide to you
• To provide information to third parties with your consent
• To meet the obligations of notification to our medical defence organisations or insurers

Who do we disclose your information to?

Personal information will only be used for the purpose of providing medical services and for claims and payments, unless consented otherwise. We sometimes share your personal information:

• with third parties who work with our practice for business purposes, such as accreditation agencies or information technology providers – these third parties are required to comply with APPs and this policy
• with other healthcare providers
• when it is required or authorised by law (eg court subpoenas)
• when it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent
• to assist in locating a missing person
• to establish, exercise or defend an equitable claim
• for the purpose of confidential dispute resolution process
• when there is a statutory requirement to share certain personal information (eg some diseases require mandatory notification)
• during the course of providing medical services, through Electronic Transfer of Prescriptions (eTP), MyHealth Record/PCEHR system (eg via Shared Health Summary, Event Summary). Only people that need to access your information will be able to do so. Other than in the course of providing medical services or as otherwise described in this policy, our practice will not share personal information with any third party without your consent.

We will not share your personal information with anyone outside Australia (unless under exceptional circumstances that are permitted by law) without your consent.

Direct Marketing

Crofton Medical Centre does not use or disclose the information we collect about you for direct marketing unless an exception applies, including where the individual either consents to the disclosure or has a reasonable expectation that their personal information will be used for direct marketing, and the organisation notifies the individual on how to ‘opt out’ of direct marketing communications. Direct marketing communications from Crofton Medical Centre may include information about our products and services and may be in the form of email, SMS, fax and mail.

How can you access and correct your personal information?

Crofton Medical Centre acknowledges patients may request access to their medical records. Patients are encouraged to make this request in writing, and Crofton Medical Centre will respond within a reasonable time. Crofton Medical Centre will take reasonable steps to correct personal information where it is satisfied they are not accurate or up to date. From time to time, Crofton Medical Centre will ask patients to verify their personal information to ensure it is accurate and up to date. Patients may also request for this information to be corrected / updated in writing.

Security

Crofton Medical Centre takes all reasonable steps to ensure that your personal information is protected from loss and misuse. Crofton Medical Centre holds your information in both electronic and hard copy format. Your personal information may be stored at our practice in various forms, eg as paper records, as electronic records, as visual (X-rays, CT scans, and photos).

Our practice stores all personal information securely. We securely store and protect personal information in electronic format in protected information systems. We scan all documents and correspondence into our electronic record. Paper originals are securely shredded. Our staff all sign confidentiality statements

When your personal information is no longer needed it is destroyed or de-identified.

How can you lodge a privacy related complaint, and how will the complaint be handled at our practice?

We take complaints and concerns regarding privacy seriously. You should express any privacy concerns you may have in writing. We will then attempt to resolve it in accordance with our resolution procedure. Our contact details are:

Crofton Medical Centre

PO Box 661

Bundaberg Qld 4670

Tel: 07 4151 8551

Fax: 07 4151 8760

e-mail: admin@croftonmedical.com.au

We will respond within 30 days in writing.

You may also contact the OAIC.

Generally the OAIC will require you to give them time to respond, before they will investigate. For further information visit www.oaic.gov.au or call the OAIC on 1300 336 002.

Privacy and our website

Cookies are pieces of information that a website transfers to your computer's hard disk for record-keeping purposes, website usage statistics or to provide enhanced functionality on the site. Our cookies may do some or all of these depending on the particular page and its functionality. Generally, the information obtained by cookies is de-identified and does not constitute personal information, but may include the IP address of your computer. We may use this information for additional functionality or to analyse usage patterns.

You are ultimately in control of your browser’s dealings with cookies. Most browsers are by default set to accept cookies, but have the capacity to block or delete them. However, if you do not wish to receive any cookies you should set your browser to refuse cookies. In some instances this may mean you will not be able to take full advantage of parts of CMC’s website.

By using our website, you accept the use and installation of these cookies to provide you with these services.

E-Mail

We do not use encrypted email and cannot guarantee confidentiality of information sent by email. We discourage the use of email for all forms of medical correspondence.

Contacting us

If you have any questions about this privacy policy, any concerns or a complaint regarding the treatment of your privacy or a possible breach of your privacy please contact the Practice Manager on 4151 2701.  Your requests and complaints will be treated confidentially. Our practice representative will contact you within a reasonable time after receipt of your complaint to discuss your concerns and your options.

If you feel the clinic cannot resolve your complaint/concern please contact the Office of the Health Ombudsman on 133 646 or email complaints@oho.qld.gov.au

Policy review statement

This privacy policy will be reviewed regularly to ensure it is in accordance with any changes that may occur. We will notify you when we amend this policy by clearly displaying any changes at the reception desk and on our notice boards.

*Based on RACGP APP Privacy Policy – Management of Patient Health Information