Our website address is: https://forrestroadgp.com.au.
This template covers:
- Practice procedures
- Staff responsibilities
- Patient consent
- Collection, use and disclosure of information
- Access to information
To ensure patients who receive care from Forrest Road GP are comfortable in entrusting their health information to Forrest Road GP. This policy provides information to patients as to how their personal information (which includes their health information) is collected and used within Forrest Road GP, and the circumstances in which we may disclose it to third parties.
RACGP Compliance indicators for the Australian Privacy Principles: and addendum to the computer and information security standards (Second edition).
Background and rationale
The Australian Privacy Principles (APP) provide a privacy protection framework that supports the rights and obligations of collecting, holding, using, accessing and correcting personal information. The APP consists of 13 principle-based laws and apply equally to paper-based and digital environments. The APP complements the long-standing general practice obligation to manage personal information in a regulated, open and transparent manner.
This policy will guide Forrest Road GP staff in meeting these legal obligations. It also details to patients how Forrest Road GP uses their personal information. The policy must be made available to patients upon request.
Forrest Road GP will:
- Provide a copy of this policy upon request
- Ensure staff comply with the APP and deal appropriately with inquiries or concerns
- Take such steps as are reasonable in the circumstances to implement practices, procedures and systems to ensure compliance with the APP and deal with inquiries or complaints
- Collect personal information for the primary purpose of managing a patient’s healthcare and for financial claims and payments.
Forrest Road GP Staff will take reasonable steps to ensure patients understand:
- What information has been and is being collected
- Why the information is being collected, and whether this is due to a legal requirement
- How the information will be used or disclosed
- Why and when their consent is necessary
- Forrest Road GP’s procedures for access and correction of information, and responding to complaints of information breaches, including by providing this policy.
Forrest Road GP will only interpret and apply a patients’ consent for the primary purpose for which it was provided. When a patient registers, they provide consent for our GP’s and practice staff to access and use their personal information so they can provide the best possible healthcare. Forrest Road GP staff must seek additional consent from the patient if the personal information collected may be used for any other purpose.
Collection of information
Forrest Road GP will need to collect, use, hold and share personal information as a provision of clinical services to a patient at the practice. Collected personal information will include patients’:
- Names, date of birth, addresses and contact details
- Medicare number (where available) for identification and claiming purposes
- Healthcare identifiers and health fund details
- Medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors.
A patient’s personal information may be held at Forrest Road GP in various forms:
- As paper records
- As electronic records
- As visual – x-ray, CT scans, videos and photos
- As audio recordings.
Forrest Road GP’s procedure for collecting personal information is set out below.
- Forrest Road GP staff collect patients’ personal and demographic information via registration when patients present to the Practice for the first time. Patients are encouraged to pay attention to the collection statement attached to/within the form and information about the management of collected information and patient privacy.
- During the course of providing medical services, Forrest Road GP’s healthcare practitioners will consequently collect further personal information.
- Forrest Road GP may also collect personal information when patients visit our website, send us an email or SMS, telephone us, make an online appointment or communicate with us using social media.
- Personal information may also be collected from other sources, when practical and necessary. This may include information from:
- the patients’ guardian or responsible person,
- other involved healthcare specialists, allied health professionals, hospitals, community health services and pathology/diagnostic imaging services,
- the patients’ health fund, Medicare or the Department of Veteran’s Affairs (as necessary)
Forrest Road GP holds all personal information securely, whether in electronic format, in protected information systems or in hard copy format in a secured environment.
Use and Disclosure of Information
Personal information will only be used for the purpose of providing medical services and for directly related business activities, such as financial claims and payments, practice audits and accreditation, and business processes (eg staff training). Some disclosure may occur to third parties engaged by or for Forrest Road GP business purposes, such as accreditation or for the provision of information technology. These third parties are required to comply with APPs and this policy. Forrest Road GP will inform the patient where there is a statutory requirement to disclose certain personal information (for example, some diseases require mandatory notification).
Forrest Road GP will not disclose personal information to any third party other than in the course of providing medical services, without full disclosure to the patient or the recipient, the reason for the information transfer and full consent from the patient. Forrest Road GP will not disclose personal information to anyone outside Australia without need and without patient consent.
Exceptions to disclose without patient consent are where the information is:
- Required by law
- Other health care providers
- Necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent
- To assist in locating a missing person
- To establish, exercise or defend an equitable claim
- For the purpose of a confidential dispute resolution process
- When there is a statutory requirement to share certain personal information (eg some diseases require mandatory notification)
- During the course of providing medical services, through Electronic Transfer of Prescriptions (eTP), MyHealth Record/PCEHR system (eg via Shared Health Summary, Event Summary).
Forrest Road GP will not use any personal information in relation to direct marketing to a patient without that patients’ express consent. Patients may opt-out of direct marketing at any time by notifying Forrest Road GP in a letter or email.
Forrest Road GP evaluates all unsolicited information it receives to decide if it should be kept, acted on or destroyed.
Access, Corrections and Privacy Concerns
Forrest Road GP acknowledges patients may request access to their medical records. Patients are encouraged to make this request in writing, and Forrest Road GP will respond within a reasonable time.
Forrest Road GP will take reasonable steps to correct personal information where it is satisfied they are not accurate or up to date. From time to time, Forrest Road GP will ask patients to verify the personal information held by the practice is correct and up to date. Patients may also request Forrest Road GP corrects or updates their information, and patients should make such requests in writing.
Forrest Road GP takes complaints and concerns about the privacy of patients’ personal information seriously. Patients should express any privacy concerns in writing to the Practice Manager at email@example.com.
Forrest Road GP will attempt to resolve any complaint in accordance with its complaint resolution procedure.
Under health services (conciliation and review) Act 1987 people with complaints should try to resolve them directly with the health service provider. Patients may also contact the OAIC. Generally the OAIC will require you to give them time to respond, before they will investigate. For further information visit www.oaic.gov.au or call the OAIC on 1300 336 002. If a satisfactory outcome is not achieved then the complaint can go directly to the Health Services Commissioner for action.
The public may also call the Health and Disability Services Complaints Office (HaDSCO) on 1800 813 583 at any time concerning a query to report a complaint.
The Australian Privacy Commissioner is able to receive complaints concerning privacy issues. Complaints should have a response within 28 days;
Australian Privacy Commissioner
Privacy hotline 1300363992
GPO Box 5218
Sydney NSW 2001
Members of the public may make a notification to Australian Health Practitioner Regulation Agency (AHPRA) http://www.ahpra.gov.au about the conduct, health or performance of a practitioner or the health of a student. Practitioners, employers and education providers are all mandated by law to report notifiable, conduct relating to a registered practitioner or student of AHPRA.
Policy Review Statement
What personal data we collect and why we collect it
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Who we share your data with
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.