PRIVACY POLICY
PURPOSE
St Leonards Family Medical Centre (ACN 662 490 217) (We / Us) is a facility that provides rooms and services to medical practitioners and other health service providers who operate their practice from within the facility.
We are committed to protecting the privacy of personal information provided to Us and to handling your personal information in a responsible manner in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles and relevant State and Territory privacy legislation (referred to as privacy legislation).
Where we refer to “personal information” in this Policy, we are referring to any information that is personal information under the Privacy Act.
This Policy outlines how we collect, use, disclose and store your personal information and lets you know how you can access that information.
CONSENT
We are committed to ensuring that any personal information we collect is obtained lawfully, transparently and with your consent, whenever it is practical for us to do so. By providing personal information to us, you consent to us collecting, using and disclosing your personal information as described in this Policy. In some circumstances, where it is not reasonable or practical for us to collect this information directly from you, responsible persons (for example, a spouse or partner, close family member, emergency contact or enduring medical power of attorney) may consent on your behalf.
COLLECTION OF PERSONAL INFORMATION
We generally collect information that is necessary and relevant to enable Us to provide you with access to medical care, treatment and to manage the facility.
If you choose not to provide information as requested, we may not be able to service your needs.
This information may include your name, address, date of birth, gender, health information, family history and contact details and any other information to assist Us in providing you access to Services provided by your healthcare provider.
We will usually collect your personal information directly from you or by email, telephone, written correspondence or via our Online Booking provider (HotDoc).
Where it is not reasonable or practical for us to collect this information directly from you, we may need to collect information about you from a third party.
We may also collect information from a third party where your health may be at risk, and we need your personal information to provide you with emergency medical treatment. The third parties from whom we may collect your personal information include:
We may be required by law to retain medical records for a period of 7 years following your most recent visit, or to age 25 for children.
USE AND DISCLOSURE
We will not use or disclose your personal information for any purpose other than the primary purpose for which it was collected (or a related secondary purpose). The exceptions to this are if you have consented to another purpose, or if we are permitted/required to do so by law, which may include:
In addition, we may de-identify and/or aggregate the personal information that we collect to carry out clinical research, quality assurance or analytics relating to customer service, health outcomes and other business activities.
We will treat your personal information as strictly private and confidential. We will use and disclose your personal information for purposes directly related to your care and treatment, or in ways that you would reasonably expect that we may use it for your ongoing care and treatment or as otherwise required or permitted by law, including to provide medical services or to provide reminders to you.
We may disclose de-identified data, including demographic data, to the relevant Primary Health Network.
We may use and disclosed de-identified, aggregated data for management, quality assurance and administrative purposes.
We may have CCTV installed in the common areas at Our centres, such as the reception area. CCTV systems are only installed in areas of operation. CCTV cameras are never hidden. The recording of CCTV footage may be continuous or limited. We may collect, use and disclose your personal information in the CCTV footage for security purposes.
REMAINING ANONYMOUS IN ACCESSING SERVICES
If you are accessing healthcare services through Us, staying completely anonymous may not be practical because we are required to maintain accurate records of the care and services you receive access to. While we may be able to accommodate the use of a pseudonym, be aware that choosing not to disclose your real identity could affect the quality of services you receive. If you would like to use a pseudonym that is confidentially linked to your real identity, please let us know so we can discuss how best to assist you in the management of your care and treatment at Our facilities.
For other interactions, you are welcome to contact us anonymously or use a pseudonym. However, doing so may limit Our ability to effectively address your feedback or inquiries. We will inform you if collecting additional personal information is necessary to assist you further.
DIRECT MARKETING
We may use the personal information we collect from you for marketing purposes, including e-newsletters, promotions and special offers. Our communications may be sent to you in various forms, including mail, SMS, and email in accordance with applicable laws. If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so.
If you have received marketing information from Us and you wish to stop receiving it, you can contact us (either using the contact details below or the opt-out mechanism detailed in our marketing material) and ask us to stop sending the marketing information within a reasonable time after your request has been made.
We will not sell, distribute, or licence your personal information to third parties unless we have your permission or are required by law to do so.
DATA QUALITY AND SECURITY
We take the protection of your personal information seriously and take all reasonable steps to ensure the information that we collect, use and disclose is accurate, secure and protected from misuse and loss and from unauthorised access, modification or disclosure. We collect that information from you directly and rely on you to supply accurate information.
Accuracy
We will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and current. To assist us, please ensure that the information you provide to us is accurate, up-to-date and complete, and let us know when your personal information changes. Our staff may ask you to confirm that your contact details are correct when you attend a consultation.
Security
We will take all reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification or disclosure. We use technologies and processes including, but not limited to, access controls, network firewalls, encryption and physical security measures to protect your privacy. We regularly review our information security processes to ensure they continue to offer an appropriate level of protection for your information.
Retention
When we no longer need your personal information for the purposes described in the Policy, and we are not required to retain it under relevant accreditation standards or law, we will destroy or permanently de-identify it.
Notification
If we become aware that unauthorised access or disclosure of your information has occurred and there is a likely risk of serious harm associated with that unauthorised access or disclosure, we will notify you promptly and provide you with a recommended course of action where necessary.
Although We will endeavour to protect your personal information, We are unable to guarantee that any information you transmit to Us over the internet is 100% secure. Any information you transmit to Us over the internet is conducted at your own risk.
ACCESS
Subject to any legal restrictions, you are entitled to request access to your personal information We hold about you. We request that you send your request in writing to Us and We will respond to it within a reasonable time.
There may be a fee for the administrative costs of retrieving and providing you with copies of your medical records.
We may deny access to your medical records in certain circumstances permitted by law, for example, if disclosure may cause a serious threat to your health or safety. We will always tell you why access is denied and the options you have to respond to Our decision.
In the specific case of obtaining access to your pathology or radiology results, the preferred method is in consultation with your treating practitioner so that complex clinical information can be explained to you within the context of your individual circumstances.
Pathology results are available in your MyHealth record after 7 days from the date of the tests being undertaken.
COMPLAINTS
If you have a complaint about the privacy of your personal information (including any breach of the Australian Privacy Principles or an applicable registered APP code), or you would like further information on Our privacy policy, or you need to correct your personal information, We request that you contact Us in writing at the following address:
St Leonards Family Medical Centre
Level 1, Tower 2, 101/88 Christie Street, St Leonards NSW 2065
Upon receipt of a complaint, We will consider the details and attempt to resolve it in accordance with Our complaints handling procedures. If you are dissatisfied with Our handling of a complaint or the outcome you may make an application to the Australian Information Commissioner (see http://www.oaic.gov.au/privacy/privacy-complaints) or the Privacy Commissioner in your State or Territory.
OVERSEAS DISCLOSURE OF PERSONAL INFORMATION
We may disclose your personal information to one of Our overseas service providers who are located in different jurisdictions including The Philippines and will require that service provider to retain that information as confidential information. All your personal information will only be stored in Australia.
GENERAL
We may amend or replace this privacy policy from time to time in which case a copy of the amended privacy policy will be published on our website.
If an individual does not provide their personal information to Us, We may not be able to provide our services to them.