As an organisation, our principal concern is and always has been the health of patients who visit our medical centre. A high level of trust and confidentiality is required to ensure the confidence of the patients we serve.
From the 21st December 2001, the Privacy Amendment (Private Sector) Act 2000 extended the operation of the Federal Privacy Act 1988 to include the private health sector throughout Australia. Going forward, patients will be assured that their privacy will be protected when visiting our practice; that the information collected and retained in our patient records is correct and up-todate; and that they can access their information for review.
While the new legislation will serve to complement our existing culture of confidentiality and our already established professional practice obligations and to ensure best practice.
No exceptions under the Privacy Act apply to personal information that we hold or to any of our acts or practices.
Collection, Use & Disclosure
We recognise that the information we collect is often of a highly sensitive nature and as an organisation we have adopted the highest privacy compliance standards relevant to ensure personal information is protected.
We are a service company to the medical practitioners who provide services at our practice. For administrative and billing purposes, and to enable the patient to be attended by other practitioners in our practice, patient information is shared between the practitioners who attend a patient.
We (on behalf of) and the practitioners may collect personal information (including health information) regarding patients for the purpose of providing medical services and treatment to patients. Personal information collected will generally include: the patient’s name, address, telephone number and Medicare number; health care fund; current drugs or treatments used by the patient; previous and current medical history, including where clinically relevant a family medical history, and the name of any health service provider or medical specialist to whom the patient is referred, copies of any letters of referrals and copies of any reports back.
We may access information:
- provided directly by the patient;
- provided on the patient’s behalf with the patient’s consent;
- from a health service provider who refers the patient to medical practitioners
- from health service providers to whom patients are referred.
Personal information collected by us may be used or disclosed:
- for the purpose the patient was advised of at the time of collection of the information by us;
- as required for delivery of the health service to the patient;
- as required for the ordinary operation of our services (i.e. to refer the patient to a medical specialist or other health service provider);
- as required under compulsion of law; or
- where there is a serious and imminent threat to an individual’s life, health, or safety; or
- a serious threat to public health or public safety.
Other than as described in this Policy or permitted under the National Privacy Act, Golden Beach Medical Centre uses its reasonable endeavours to ensure that identifying health information is not disclosed to any person.
We keep health information for a minimum of 7 years from the date of last entry in the patient record (unless the patient was a child in which case the record must be kept until the patient attains or would have attained 25 years of age). This is because we are required to maintain such records under some laws.
Because of the sensitive nature of the information collected by us to provide its services, extra precautions are taken to ensure the security of that information. Our electronic files are password-protected on several levels, and the computer backup tapes are stored offsite.
We require all our employees and contractors to observe obligations of confidentiality in the course of their employment/contract. We require independent contractors to sign a confidentiality undertaking.
Medical practitioners who provide services at our practices may refer patients to the following services:
- pathology services
- radiology services;
- public hospitals;
- private hospitals;
- day procedure centres;
- specialist medical practitioners and other health providers involved in the relevant patient’s care which may include surgeons, nurses, occupational therapists, pharmacists, physiotherapists, psychologists, dietitians, audiologists, podiatrists and the ambulance service.
Secondary purposes which are directly related to the primary purpose of collection for which we may use or disclose personal information may be for quality assurance, training, billing, liaising with government offices regarding Medicare entitlements and payments and as may be required by our insurers.
We also collect information about the medical practitioners who provide services at our practices. This information is collected directly from or with the agreement of the medical practitioner. This information includes the name, address, qualifications and experience of the medical practitioner.
Email Policy for Patients
Communication with patients via electronic means is conducted with appropriate regard to privacy. Electronic communication includes email, facsimile and Short Message Service (SMS). Our practice will only provide information that is of a general, non-urgent nature and will not initiate electronic communication (other than SMS appointment reminders) with patients. Any electronic communication received from patients is also used as a method to verify the contact details we have recorded on file are correct and up to date.
Due to privacy and security regulations, communication via email is not preferred. Without passwords or encryption, it creates a risk that your e-mail may be intercepted, and read, by a third party. We will not be sending any private health information to you in this way without your express written and documented consent, within your health records. By providing us with written consent you are accepting any and all risks associated with communication via email.
When an email response is requested Golden Beach Medical Centre and Pelican Waters Family Doctors choose to encrypt file attachments containing sensitive information is not contained in the email body itself. The sending of encrypted emails is managed by the practice director or reception manager. All contact and consent is recorded in the patients personal file.
Accessing your information, complaints and obtaining further information
If an individual wishes to:
- complain to us about a breach of privacy; or
- access his or her own information held by us; or
- correct any information held by us concerning his or her own information; or
- find out more about how we deal with personal information, that individual can contact:
The Privacy Officer
C/O Practice Manager
Golden Beach Medical Centre
34 Landsborough Parade
Golden Beach QLD 4551