Privacy Policy

 

Current as of: 5 December 2019

 

Introduction

 

This privacy policy is to provide information to you, our patient, on how your personal information (which includes your health information) is collected and used within our practice (Gold Coast Medical Centre), and the circumstances in which we may share it with third parties.

 

Our Practice is committed to ensuring the privacy and confidentiality of all personal information affiliated with our Practice’s business undertakings.

 

Our Practice complies with the requirements of the Australian Privacy Principles (APPs). The APPs regulate how our Practice may collect, use, disclose and store personal information and how individuals including our patients may address breaches of the APPs by our Practice and access and correct personal information.

 

The point of contact for queries regarding this policy is Dr. Reza Madah, Practice Manager – Ph 07 5500 6555.

 

Why and when your consent is necessary

 

When you register as a patient of our practice, you provide consent for our GPs and practice staff to access and use your personal information so they can provide you with the best possible healthcare. Only staff who need to see your personal information will have access to it. If we need to use your information for anything else, we will seek additional consent from you to do this.

 

Why do we collect, use, hold and share your personal information?

 

Our practice will need to collect your personal information to provide healthcare services to you. Our main purpose for collecting, using, holding and sharing your personal information is to manage your health. We also use it for directly related business activities, such as financial claims and payments, practice audits and accreditation, and business processes (eg staff training).

 

What personal information do we collect?

 

The information we will collect about you includes your:

  • names, date of birth, addresses, contact details
  • medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors
  • Medicare number (where available) for identification and claiming purposes
  • healthcare identifiers
  • health fund details.

Dealing with us anonymously

 

You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals.

 

How do we collect your personal information?

 

Our practice may collect your personal information in several different ways.

  1. When you make your first appointment our practice staff will collect your personal and demographic information via your registration.
  2. During the course of providing medical services, we may collect further personal information.
  3. We may also collect your personal information when you visit our website, send us an email or SMS, telephone us, make an online appointment or communicate with us using social media.
  4. In some circumstances personal information may also be collected from other sources. Often this is because it is not practical or reasonable to collect it from you directly. This may include information from:
  • your guardian or responsible person
  • other involved healthcare providers, such as specialists, allied health professionals, hospitals, community health services and pathology and diagnostic imaging services
  • your health fund, Medicare, or the Department of Veterans’ Affairs (as necessary).

When, why and with whom do we share your personal information?

 

We sometimes share your personal information:

  • with third parties who work with our practice for business purposes, such as accreditation agencies or information technology providers – these third parties are required to comply with APPs and this policy
  • with other healthcare providers
  • when it is required or authorised by law (eg court subpoenas)
  • when it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent
  • to assist in locating a missing person
  • to establish, exercise or defend an equitable claim
  • for the purpose of confidential dispute resolution process
  • when there is a statutory requirement to share certain personal information (eg some diseases require mandatory notification)
  • during the course of providing medical services, through eTP, My Health Record (eg via Shared Health Summary, Event Summary).

Only people who need to access your information will be able to do so. Other than in the course of providing medical services or as otherwise described in this policy, our practice will not share personal information with any third party without your consent.

 

We will not share your personal information with anyone outside Australia (unless under exceptional circumstances that are permitted by law) without your consent.

 

Our practice will not use your personal information for marketing any of our goods or services directly to you without your express consent. If you do consent, you may opt out of direct marketing at any time by notifying our practice in writing.

 

How do we store and protect your personal information?

 

Your personal information may be stored at our practice in various forms - eg as paper records, electronic records, visual records (X-rays, CT scans, videos and photos), audio recordings.

 

Our Practice stores all personal information securely.

 

Our Practice securely stores and protects personal information in electronic format on a secure server, in protected information systems and in hard copy format in a secured environment. Our Practice uses passwords, secure cabinets, confidentiality agreements for staff and contractors.

 

How can you access and correct your personal information at our practice?

 

You have the right to request access to, and correction of, your personal information.

 

Our practice acknowledges patients may request access to their medical records. We require you to put this request in writing, faxed to our surgery from another practice. Our practice will respond within a reasonable time (within 30 days). A full summary will be sent at no cost. However, if a full medical record is requested, a fee that will not be excessive to cover all administration costs (photocopying, stationery and/or registered postage) is payable.

 

Our practice will take reasonable steps to correct your personal information where the information is not accurate or up to date. From time to time, we will ask you to verify that your personal information held by our practice is correct and current. You may also request that we correct or update your information, and you should make such requests in writing to:

 

The Practice Manager,

Gold Coast Medical Centre,

Suite 10/465 Oxley Drive,

Runaway Bay 4216.

Email: info@goldcoastmedicalcentre.com.au

 

How can you lodge a privacy-related complaint, and how will the complaint be handled at our practice?

 

We take complaints and concerns regarding privacy seriously. You should express any privacy concerns you may have in writing. We will then attempt to resolve it as soon as possible (within 30 days) in accordance with our resolution procedure. Our practice contact details are:

 

The Practice Manager

Gold Coast Medical Centre

Suite 10/465 Oxley Drive

Runaway Bay Qld 4216

Ph: 07 5500 6555

Email: info@goldcoastmedicalcentre.com.au

 

You may also contact the Office of the Australian Information Commissioner (OAIC). Generally, the OAIC will require you to give them time to respond before they will investigate. For further information visit www.oaic.gov.au or call the OAIC on 1300 363 992.

 

In the unlikely event that we are unable to address your issue to your satisfaction the Office of the Health Ombudsman may also be contacted by calling 133OHO (133646) or write to PO Box 13281 George Street, Brisbane 4003 or email info@oho.qld.gov.au or visit www.oho.qld.gov.au.

 

Privacy and our website

 

Our Practice website does not collect personal patient information. Appointuit online booking is available via a link on our website, via the Book Appointment Online button. Please refer to Appointuit’s privacy policy for details on how Appointuit collects information digitally.

 

Policy review statement

 

This privacy policy is reviewed regularly to ensure it is in accordance with any changes that may occur. Each time this policy is amended or changed the updated version will show in the privacy section of the Gold Coast Medical Centre website www.goldcoastmedicalcentre.com.au/privacy-policy.

 

Patients will be informed of amendments and directed to the Gold Coast Medical Centre website to view the policy via waiting room sign and group email sent via Appointuit.

 

Hard copies are always available at reception for patients who do not have access to a computer.

 

Patient acknowledgement

 

In line with the APPs it is important that you understand how your personal information may be used in your healthcare. Patients should read the Implied Consent Statement below. If you wish to discuss any aspect of the management of your health records, please speak to the Practice Manager.

 

Your medical record is a confidential document. It is the policy of this Practice to maintain security of personal health information at all times and to ensure that this information is only available to authorised members of staff.

 

Implied Consent Statement

 

Privacy Act 1988 (Implied Consent is agreement that can be inferred from an individual’s conduct)

 

Please be advised that the Doctors and staff of Gold Coast Medical Centre will collect and record such information about persons who present at this Practice seeking medical advice, as is necessary for the primary purpose of providing quality health care or for a secondary purpose, which is related to the primary purpose, i.e. referral to a specialist, pathology etc.

Information collected with your consent can only be used to provide your care or in circumstances related to public interest such as law enforcement and public or individual health and safety. If it is desired that the information be used for other purposes, e.g. research or statistics, your specific consent for each such use must and will be obtained.

 

We require you to provide us with your personal details and a full medical history so that we may properly assess, diagnose, treat and be proactive in your health care needs. This means that we will use the information you provide in the following ways:

  • Administrative purposes in running our medical practice.
  • Billing purposes, including compliance with Medicare and Health Insurance Commission requirements.
  • Disclosure to others involved in your health care, including treating Doctors and specialists outside Gold Coast Medical Centre. This may occur through referral to other Doctors, or for medical tests and in the reports or results returned to us following the referrals.
  • Disclosure to other Doctors in the practice, locums and by Registrars attached to the practice for the purpose of patient care and teaching.

It is important that you are aware of your right to access the information collected about you, except in some circumstances where access might legitimately be withheld. An explanation will be given in these circumstances. Please be aware that the practice is entitled to charge fees in regard to requests for access to information to cover:

  • The time spent by administrative staff to provide access.
  • Time necessarily spent by a medical practitioner to provide access at the practitioner’s ordinary sessional rate and
  • For photocopying and other administrative costs.

It is important that you understand that whilst you are not obliged to provide any information requested of you, your failure to do so might compromise the quality of the health care and treatment that can be provided to you. By making an appointment to see a doctor at this Practice you will be deemed to have given consent to the collection of such information and to the disclosure of such information for a secondary purpose, which is related to the primary purpose as outlined above.

 

De-identified Data Sharing

 

Gold Coast Medical Centre share’s de-identified population health data for quality improvement and evaluation purposes as per the RACGP Standards for General Practice (5th edition). De-identified data provided from the Practice to the Gold Coast Primary Health Network will be managed in compliance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles contained therein, Personally Controlled Electronic Health Records Act 2012 (Cth), the Information Privacy Act 2009 (Qld) and any other applicable law relating to privacy in relation to the discharge of its obligations under this Agreement. Patients can opt out of de-identified data sharing activities anytime by speaking with the Practice Manager.