The purpose of this document is to explain to you how Craigmore Family Practice complies with its confidentiality and privacy obligations and to inform our patients how your personal information, which includes your health information, is collected, how it is used within our practice and the circumstances with which we may share it with third parties. This policy is readily available to all of patients of Craigmore Family Practice.
We are committed to protecting the privacy of patient information and to the responsible handling of your information in line with the Australian Privacy Principles. To enable ongoing care and total quality improvement with the practice, and in keeping in with the Privacy Act March 2014 and National Privacy Principles we wish to provide you with sufficient information on how your personal health information may be used or disclosed
Why and when your consent is necessary
We require your consent to collect personal information about you. This medical practice collects information from you for the primary purpose of providing quality health care. Only the staff who need to see your personal information will have access to it.We require you to provide us with your personal details and a full medical history so that we may properly assess, diagnose, treat and be proactive in your health care needs.
Why do we collect, use hold and share your personal information?
We use the information that you provide us in the following ways:
- Administrative purposes in running our medical practice.
- Billing purposes, including compliance with Medicare and Health Insurance Commission requirements.
- Disclosure to others involved with your health care, including treating doctors and specialists outside of this medical practice. This may occur through referrals to other doctors, or for medical tests and in reports returned to us following the referrals.
- Disclosure to other doctors in the practice, locums, registrars and medical students attached to the practice for the purpose of patient care and teaching.
How do we collect your personal information?
Our practice may collect your personal information in several different ways
- When you make your first appointment our practice staff will collect your personal and demographic information via your registration
- During the course of providing medical services, we may collect further personal information sources such as medical records transfers and your My Health Record.
- We may also collect your personal information when you visit our website, send us an email or SMS, telephone us, make an online appointment or communicate with us via electronic apps or other electronic means.
- In some circumstances personal information may also be collected from other sources. Often this is because it is not practical or reasonable to collect it from you directly. This may include information from:–
- your guardian or responsible person
- other involved healthcare providers, such as specialists, allied health professionals, hospitals, community health services and pathology and diagnostic imaging services
- your health fund, Medicare, or the Department of Veterans’ Affairs as necessary
What personal information do we collect?
The information we will collect about you includes your:
- names, date of birth, addresses, contact details
- medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors
- Medicare number (where available) for identification and claiming purposes
- healthcare identifiers
- health fund details
Dealing with us anonymously
You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals. Craigmore Family Practice will likely refer patients who choose not to identify themselves to public hospitals, for patient safety and to reduce medico-legal risk.
When, why and with whom do we share your personal information?
We sometimes share your personal information:
- For accounting procedures and the collection of professional fees
- The diagnosis and treatment of any health condition, including the communication of relevant information only to practice staff, specialists and other health care providers to ensure quality care is delivered
- Accreditation and Quality Assurance activities which are conducted by professionally trained non-treating general practitioners and qualified persons
- For legal related disclosure as required by law (e.g. court subpoenas)
- For disease notification as required by law
- For use when seeking treatment by other doctors in this practice
- For the purpose of obtaining medical records, previous clinical reports and management regimes from other practitioners, institutions, laboratories etc
- When it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent
- Follow up reminder and recall phone calls/notifications for treatment and preventative healthcare
- To establish, exercise or defend an equitable claim
Other than as described in this Policy or permitted under the National Privacy Act, Craigmore Family Practice uses its reasonable endeavours to ensure that identifying health information is not disclosed to any person. Other than in the course of providing medical services or as otherwise described in this policy, our practice will not share personal information with any third party without your consent. We will not share your personal information with anyone outside Australia (unless under exceptional circumstances that are permitted by law) without your consent. Our practice will not use your personal information for marketing any of our goods or services directly to you without your express consent. If you do consent, you may opt out of direct marketing at any time by notifying our practice in writing.
Our practice may use your personal information to improve the quality of the services we offer to our patients through research and analysis of our patient data. We will treat your personal information as strictly private and confidential.
Secondary use of de-identified data
We may provide de-identified data to other organisations to improve population health outcomes as allowable under the privacy legislation. The information is secure, patients cannot be identified and the information is stored within Australia. You can let our reception staff know if you do not want your de-identified information included. De-identified data cannot be linked back to individual patients. We use it for:
• Quality Improvement activities at the practice
• Students and staff to participate in medical training/teaching.
• Adelaide Primary Health Network to inform local health needs and services and;
• Research purposes.
Where identified patient data may be used for these allowable secondary uses, your express consent will be obtained and documented.
How do we store and protect your personal information?
Personal information that we hold is protected by:
- securing our premises;
- placing extensive security measures across our computer network – Our electronic files are password-protected on several levels, and the computer backup tapes are stored offsite
- placing passwords and varying access levels on databases to limit access and protect electronic Information from unauthorised interference, access, modification and disclosure
We require all our employees and contractors to observe obligations of confidentiality in the course of their employment/contract.
We keep health information for a minimum of 7 years from the date of last entry in the patient record (unless the patient was a child in which case the record must be kept until the patient attains or would have attained 25 years of age). This is because we are required to maintain such records under some laws.
How can you access and correct your personal information at our practice?
You have the right to request access to and if necessary, correct your personal information. Our practice acknowledges patients may request access to their medical records. Our preferred process is that you make an appointment to review your record with your GP. We may also require you to put an access request in writing to the manager, via email or letter and our practice will respond within 7 days. There may be a fee for the administrative costs of retrieving and providing you with copies of your medical records.
We may deny access to your medical records in certain circumstances permitted by law, for example, if disclosure may cause a serious threat to your health or safety. We will always tell you why access is denied and the options you have to respond to our decision.
Our practice will take reasonable steps to correct your personal information where the information is not accurate or up to date. From time to time, we will ask you to verify that your personal information held by our practice is correct and current. You may also request that we correct or update your information, and you should make such requests when seeing your doctor, via reception or in writing to the reception email.
How can you lodge a privacy related complaint and how will the complaint be handled at our practice?
We take complaints and concerns regarding privacy seriously. You should express any privacy concerns you may have with your Doctor or in writing to the Manager. We will then attempt to resolve it in accordance with our resolution procedure.
If you still have concerns you may wish to take your complaint to an outside organisation. The body to contact is:
Health & Community Services Complaints Commissioner
L4 (East Wing), 50 Grenfell Street Adelaide (PO Box 199 Rundle Mall SA 5000)