Practice Policy
Clinic Privacy Policy – updated 20.01.2023
Waverley Police Road Medical Centre is bound by the Federal Privacy Act (1988), Australian Privacy Principles (APPs) and with the Victorian Health Records Act (2001). The clinic recognizes the importance of protecting the privacy and the rights of individuals in relation to their personal information.
Personal information is information that identifies you or could reasonably identify you. This can include any information collected and held to provide a health service. This information includes medical details, family information, name, address, contact details, employment, ethnicity and other demographic data, past medical and social history, genetic information, current health issues and future medical care, Medicare number, accounts details and any health information such as a medical or personal opinion about a person’s health, disability or health status. It includes the formal medical record, whether written or electronic and information held or recorded on any other medium, eg letter, fax, electronically or information conveyed verbally. We may collect some information that is not considered personal information, as it does not identify you or anyone else, eg de-identified responses to patient feedback surveys. Your personal information may be obtained directly from you or from third parties such as other medical practitioners such as former GPs and specialists, other health care providers, including but not limited to hospitals, day surgery centres, dentists, nurses, allied health professionals, relatives, employers, law enforcement agencies and other government entities.
This serves to provide medical services of diagnosis, treatment or referral to pathology or radiology services or another health care provider or hospital, for administrative and billing purposes, to update our records, for complaint handling and quality assurance, to comply with any law, rule and regulations, for data research and analysis, for a recall register to monitor or prevent chronic disease, for reporting to the Australian Childhood Immunization Register, when appropriate to report back to your employer, to answer any queries about the services provided, to provide information to third parties with your consent or when legislated by law, to meet the obligations of notification to our medical defence organisations or insurers.
When you use our website, we do not identify you as an individual user and do not collect personal information about you, unless you specifically provide this to us.
Our website and our email communication may contain links to third-party websites. We do not control third-party websites or any of their content and if you visit these websites, they will be governed by their own terms of use (including privacy policies).
Personal information will only be used for the purpose of providing medical services and for claims and payments, unless consented otherwise. Disclosure may occur to third parties engaged by the practice or for business purposes, eg clinic accreditation. Patients will be advised when there is a statutory requirement to disclose personal information (eg mandatory reporting of child abuse or certain communicable diseases) or when medical records have been subpoenaed by courts. The clinic will not disclose any personal information to any third party other than those related to providing our medical services unless consent is obtained. Exceptions to disclose without patient consent are where the information is required by law, necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent, to assist in locating a missing person, to establish, exercise or defend an equitable claim or for a confidential dispute resolution process. We may use electronic processes to disclose your personal information (such as to generate appointment bookings, referrals, results or e-Scripts).
Doctors, allied health practitioners and all other staff and contractors associated with this practice have a responsibility to maintain the privacy of personal health information and related financial information. Our practice is mostly paperless and has systems in place to protect the privacy, security, quality and integrity of the personal health information held electronically. Paper waste with personal information is shredded on site by a third party.
Patients are entitled to access their health records, by making a request in writing addressed to the doctor concerned, at a time convenient to both themselves and the practice. A charge may be imposed for photocopying, scanning, staff time involved in processing the patient’s request and registered postage costs where applicable. If the information recorded is inaccurate, you are entitled to correct that information.
Access can be denied under some circumstances :
- To provide access would create a serious threat to life or health
- There is a legal impediment to access
- The access would unreasonably impact on the privacy of another
- The patient’s request is frivolous
- The information relates to anticipated or actual legal proceedings and you would not be entitled to access the information in those proceedings
- In the interests of national security