Privacy Policy

Coburg Family Medical Centre, 100 Bell Street Clinic, Coburg Medical and Dental, Coburg Junction Medical Centre privacy policy

Current as of: 27/02/2022

Introduction

This privacy policy is to provide information to you, our patient, on how your personal information (which includes your health information) is collected and used within our practice, and the circumstances in which we may share it with third parties.

Why and when your consent is necessary

When you register as a patient of our practice, you provide consent for our GPs and practice staff to access and use your personal information so they can provide you with the best possible healthcare. Only staff who need to see your personal information will have access to it. If we need to use your information for anything else, we will seek additional consent from you to do this. Why do we collect, use, hold and share your personal information?

Our practice will need to collect your personal information to provide healthcare services to you. Our main purpose for collecting, using, holding and sharing your personal information is to manage your health. We also use it for directly related business activities, such as financial claims and payments, practice audits and accreditation, and business processes (eg staff training).

What personal information do we collect?

The information we will collect about you includes your:

• names, date of birth, addresses, contact details

• medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors

• Medicare number (where available) for identification and claiming purposes

• healthcare identifiers

• health fund details.

Dealing with us anonymously

You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals.

How do we collect your personal information?

Our practice may collect your personal information in several different ways.

1. When you make your first appointment our practice staff will collect your personal and demographic information via your registration. During the course of providing medical services, we may collect further personal information. Our practice participates in Safe Script, My Health Record, and electronic transfer or prescriptions (eTP).We may also collect your personal information when you visit our website, send us an email or SMS, telephone us or make an online appointment.

2. In some circumstances personal information may also be collected from other sources. Often this is because it is not practical or reasonable to collect it from you directly. This may include information from:

• your guardian or responsible person

• other involved healthcare providers, such as specialists, allied health professionals, hospitals, community health services and pathology and diagnostic imaging services

• your health fund, Medicare, or the Department of Veterans’ Affairs (as necessary).

When, why and with whom do we share your personal information?

We sometimes share your personal information:

• with third parties who work with our practice for business purposes, such as accreditation agencies or information technology providers – these third parties are required to comply with APPs and this policy

• with other healthcare providers

• when it is required or authorised by law (eg court subpoenas)

• when it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent

• to assist in locating a missing person

• to establish, exercise or defend an equitable claim

• for the purpose of confidential dispute resolution process

• when there is a statutory requirement to share certain personal information (eg some diseases require mandatory notification)

• During the course of providing medical services, through eTP, My Health Record (eg via Shared Health Summary, Event Summary).

Only people who need to access your information will be able to do so. Other than in the course of providing medical services or as otherwise described in this policy, our practice will not share personal information with any third party without your consent.

We will not share your personal information with anyone outside Australia (unless under exceptional circumstances that are permitted by law) without your consent.

Our practice will not use your personal information for marketing any of our goods or services directly to you without your express consent. If you do consent, you may opt out of direct marketing at any time by notifying our practice in writing.

Our practice may use your personal information to improve the quality of the services we offer to our patients through research and analysis of our patient data.

We may provide de-identified data to other organisations to improve population health outcomes. The information is secure, patients cannot be identified and the information is stored within Australia. You can let our reception staff or your general practitioner know if you do not want your information included.

How do we store and protect your personal information?

Your personal information may be stored at our practice in various forms. Patients electronic records are password protected. Hard copy scans delivered by Radiology providers are store behind the reception desk in a cupboard which is given to the patient when they return for their appointment with the doctor.

Our practice stores all personal information securely. Our clinical software is password protected and accessible only via unique individual passwords that give access to information according to the person’s level of authorization. All staff are bound by confidentiality agreement upon commencement of employment including subcontractors. Strict disciplinary action will be taken for those found in breach of this agreement.

Confidential bins are located under each workstation and are emptied daily.

How can you access and correct your personal information at our practice?

You have the right to request access to, and correction of, your personal information.

Our practice acknowledges patients may request access to their medical records. We require you to put this request in writing and post to the practice or hand to the reception staff, where they will bring it to the attention of the Practice Assistants and our practice will respond within a 30 day time frame.

Patients requesting their medical records may incur a fee.

Our practice will take reasonable steps to correct your personal information where the information is not accurate or up to date. From time to time, we will ask you to verify that your personal information held by our practice is correct and current. You may also request that we correct or update your information, and you should make such requests in writing to the Practice Assistant, Natalie Madi or John Moussa via post or in person.

Your responsibilities about confidentiality and privacy You can discuss your health and healthcare with anyone you choose but you need to keep in mind that people who are not your healthcare providers are not bound by confidentiality rules. If you keep a personal health record, you are responsible for keeping it safe and private. However, an eHealth record is kept safe and private by the Department of Human Services.

How can you lodge a privacy-related complaint, and how will the complaint be handled at our practice?

We take complaints and concerns regarding privacy seriously. You should express any privacy concerns you may have in writing. We will then attempt to resolve it in accordance with our resolution procedure.

Mailing Address: Coburg Family Medical Centre 497 Sydney Road, Coburg VIC 3058

Coburg Medical and Dental 102 Bell Street, Coburg VIC 3058

Coburg Junction Medical Centre Level 1, 501 Sydney Road, Coburg VIC 3058

100 Bell Street Clinic 100 Bell Street, Coburg VIC 3058

We endeavor to respond to your complaint within a 30 day timeframe.

You can also email your complaint to manager@coburgfmc.com.au.

If your matter is not resolved within the practice, you may also contact the Office of the Australian Information Commissioner (OAIC). Generally, the OAIC will require you to give them time to respond before they will investigate. For further information visit www.oaic.gov.au or call the OAIC on 1300 363 992.

Privacy and our website Collection of your personal information The personal information we collect via this website may include: • The content in electronic forms that you submit via this website. For example a request to provide services, information or to take action • Information submitted by you in an online survey • Messages or comments, including personal information such as name, email address and telephone number, you submit to us via this website. For example through email addresses displayed on this website. Email addresses on this site will only be used to respond to specific user queries and will not be added to any mailing lists, nor disclosed to any other party without users' knowledge and consent, unless required by law. Web statistical data collection Pages on the site may be coded with Google Analytics software. This is transparent to the user, as the software makes use of JavaScript code in the source HTML of the web page. This JavaScript stores a first-party cookie in your browser, which contains a unique identifier, and sends information to Google Analytics. This enables Google Analytics to track the number of unique visitors to the site. In no way does this unique identifier identify a user personally. We do not and will not marry any data collected by Google Analytics with any personal information. While you can browse this website anonymously, without disclosing your personal information, we may not be able to provide the full range of services through this website if we are not provided with the information outlined above.

Use and disclosure of your personal information

Where we collect personal information from you via our website, a privacy disclaimer will indicate which third parties we might share your information with (if any).

In addition to providing our services to you and carrying out your requests, we may use or disclose personal information that we collect about you for purposes including the following:

• For the purpose that we have collected the information

• Purposes related to our research, planning, product and service development, security and testing

• Purposes connected with the operation, administration, development or enhancement of this website

• Where we suspect that fraud or unlawful activity has been, is being or may be engaged in

• Any other purposes required or authorised by law.

We may share personal information within the practice and with third parties. The types of third parties to whom we may disclose your personal information includes our contracted service providers who assist us in providing this website and delivering our services such as our software developers, organisations who provide archival, auditing, professional advisory, banking, mailhouse, delivery, recruitment, call centre, information technology, research, utility and security services. We may also disclose your personal information to your authorised representatives or third parties acting on your behalf, for example your solicitor or interpreter. If you have made an online booking, your details will be forwarded to our practice management software and the developer’s organization, our staff and contractors and any other third parties to whom your booking relates or who can assist in processing your booking and delivering the service to you. Security We have implemented technology and security policies, rules and measures to protect the personal information that we have under our control.

However, you should be aware that there are risks in transmitting information across the Internet. So while we strive to protect such information, we cannot ensure or warrant the security of any information transmitted to us online and individuals do so at their own risk. Once any personal information comes into our possession, we will take reasonable steps to protect that information from misuse and loss and from unauthorised access, modification and disclosure.

If you are concerned about conveying sensitive material to us over the Internet, you might prefer to contact us by telephone or mail. We will remove personal information from our system where it is no longer required (except where archiving is required and in order to fulfil our obligations under the Australian Privacy Principles.

We take additional steps to protect the security of your personal information, such as strong 128-bit SSL encryption. Before using these facilities, you should ensure that you are using a web browser that supports 128-bit encryption. In many web browsers, you can confirm that your session is encrypted by the appearance of a locked padlock symbol located in the browser status bar at the foot of the browser. Feedback, information request form and email We may preserve the content of any feedback form, information request form, email or other electronic message that we receive.

Any personal information contained in that message will only be used or disclosed in ways set out in this Website Privacy Statement. We will not use that information to add you to a mailing list without your consent.

Policy review statement

This privacy policy will be reviewed regularly to ensure it is in accordance with any changes that may occur. The updated privacy policy will be available once reviewed annually to our patients via our website and within the practices. The next review date will be 27th February 2023.

Disclaimer

The Privacy policy template for general practices is intended for use as a guide of a general nature only and may or may not be relevant to particular practices or circumstances.

The Royal Australian College of General Practitioners (RACGP) has used its best endeavours to ensure the template is adapted for general practice to address current and anticipated future privacy requirements.

Persons adopting or implementing its procedures or recommendations should exercise their own independent skill or judgement, or seek appropriate professional advice.

While the template is directed to general practice, it does not ensure compliance with any privacy laws, and cannot of itself guarantee discharge of the duty of care owed to patients.

Accordingly, the RACGP disclaims all liability (including negligence) to any users of the information contained in this template for any loss or damage (consequential or otherwise), cost or expense incurred or arising by reason of reliance on the template in any manner.