Statement
Our practice is committed to always maintaining privacy and confidentiality and requires that any information regarding individual patients, including staff members that may be patients, will not be disclosed in any form (verbally, in writing, or in electronic form, inside or outside our practice) except for strictly authorised use within the patient care context or as required by law.
For the purpose of this policy, no distinction has been made between the handling of personal information and sensitive information including health information; therefore all information will be referred to as “personal information” throughout this policy.
Introduction
This privacy policy is to inform staff and patients how personal information is obtained, held and managed by Grace Medical Skin and Vein Centre. It also outlines and reinforces to staff and medical students their obligations and duties regarding privacy and confidentiality of our patients, and how we may need to share patients' personal information with third parties for ongoing treatment.
Health Record Definition: Any relevant record made by a health care practitioner at the time of, or subsequent to, a consultation and/or examination or the application of health management. Medical records cover an array of documents that are generated as a result of patient care.
Why and when consent is necessary
When a patient registers at Grace Medical Skin and Vein Centre, they provide consent for our doctors and staff members to access and use their personal information to provide our patients with the best healthcare possible. Any request for further use of information is made in writing to the patient, explaining the purpose of the request, and the patient's written consent is obtained prior to the use or release of the information.
Why do we collect, use, hold and share personal information?
Our practice will need to obtain a patient's personal information to provide efficient healthcare services to them along with ongoing healthcare management. We will also use this information for business administration (including staff training), financial claims and billing purposes, practice audits and accreditation.
What personal information do we collect?
Personal information we will collect includes, but is not limited to:
- Name, date of birth, address, telephone number, Medicare and DVA card numbers, Healthcare Identifier numbers
- Next of kin and emergency contact details
- Past and current medical history, immunisation history, medications, allergies, social history, family history, cultural background, gender and gender identity and risk factors.
- Names of other healthcare providers, specialists and relevant medical referrals and reports.
Our practice staff ask our patients upon their arrival for their appointment to confirm their identity by asking 3 key identifier points such as:
- Confirming the patient's name
- Confirming the patient's date of birth
- Confirming the patient's contact details (street address or telephone number)
Dealing with us anonymously
You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified health individuals.
How do we collect personal information?
The practice may collect our patients' personal information in several different ways:
- When there is a first appointment made, our practice staff will collect personal and demographic information via registration.
- During the course of providing medical services, we may collect further personal information. Information may also be collected through My Health Record and transferred records from previous practices.
- When patients visit our website, send us an email, SMS or telephone us.
In some circumstances personal information may also be collected from other sources. Often this is because it is not practical or reasonable to collect it from the patient directly. This may include information from:
- A guardian or responsible person
- Other involved healthcare providers, such as specialists, allied health professionals, hospitals, community health services and pathology and diagnostic imaging services.
- Private health funds, Medicare or the Department of Veterans' Affairs (DVA)
When, why and with whom do we share personal information?
We sometimes share your personal information:
- With third parties who work with our practice for business purposes, such as accreditation agencies or information technology providers – these third parties are required to comply with the Australian Privacy Principles (APPs) released by the Office of the Australian Information Commissioner (OAIC) and this policy
- With other healthcare providers
- When it is required or authorised by law (e.g. court subpoenas)
- When it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or if it is impracticable to obtain the patient’s consent
- To assist in locating a missing person
- To establish, exercise or defend an equitable claim
- For the purpose of a confidential dispute resolution process
- Where there is a statutory requirement to share certain personal information (e.g. some diseases require mandatory notification)
- During the course of providing medical services, through eTP, My Health Record
Only people who need to access personal information will be able to do so. Other than in the course of providing medical services or as otherwise described in this policy, our practice will not share personal information with any third party without the patient's consent.
Generic referrals via consent in consult are set to use an automated template consisting of the patient's name, address, contact details and the reason for the referral. These referrals are sent electronically via Medical Objects or via fax by our staff, or the patient may request a hard copy of their referral.
We will not share any personal information with anyone outside of Australia (unless under exceptional circumstances, permitted by law) without patient consent.
Our practice will not use patients' personal information for marketing of any goods or services directly to the patient without consent. If they do not consent, they may opt out of direct marketing at any time by notifying our practice in writing.
How do we store and protect personal information?
Our practice stores all personal information securely in electronic format (Best Practice). All computers used to store personal information are password protected. A backup computer, located offsite, is also password protected and secured in a locked cabinet. Documents and correspondence are scanned into electronic records; originals are then securely shredded. All staff and medical students sign and acknowledge a Privacy and Confidentiality agreement on commencement of their time with us to maintain the privacy and non-disclosure of all patient information, which is legally binding even after they cease employment with us.
How can patients access and correct personal information at our practice?
Patients have the right to request access to, and correction of, their personal information. Our practice acknowledges patients may request access to their medical records. We require patients to put this request in writing and our practice will respond within 30 days. There will be a charge (to be advised) to print or transfer medical files to cover the cost of printing and administration. The records will not be sent by email or other non-secure media. They can be posted by registered mail or faxed to the contact details the patient provides in written consent. Our practice will take reasonable steps to correct personal information where the information is not accurate or up to date. We will regularly ask patients to verify that their personal information held by our practice is correct and current. Patients may also request that we correct or update their information; such requests should be made in writing to the practice manager.
How can patients lodge a privacy-related complaint, and how will the complaint be handled at our practice?
We take complaints and concerns regarding privacy very seriously. Patients should express any privacy concerns they may have in writing. We will attempt to resolve it in accordance with our resolution procedure. Our contact details are:
Practice Manager, Grace Medical Skin & Vein Centre, 16 Princess Street, Bundaberg East, QLD 4670
Phone: (07) 4152 8667
Fax: (07) 4153 5424
Email: office@gracemedical.net.au
We will respond within 30 days of writing.
Patients may also contact the Office of the Australian Information Commissioner (OAIC). Generally, the OAIC will require they give them time to respond before they will investigate.
For further information: www.oaic.gov.au or call the OAIC on 1300 336 002 or email: enquires@oaic.gov.au
Privacy and our website
Cookies are pieces of information that a website transfers to a computer’s hard disk for record keeping purposes, website usage statistics or to provide enhanced functionality on the site. Our cookies may do some or all of these depending on the page and its functionality.
Generally, information obtained by the cookies is de-identified and does not constitute personal information, but it may include the IP address of the computer. We may use this information for additional functionality or to analyse usage patterns.
Patients are ultimately in control of their browser’s dealing with cookies. Most browsers are by default set to accept cookies but have the capacity to block or delete them. If they do not wish to receive any cookies they should set the browser to refuse cookies. In some instances, this may mean they may not be able to take full advantage of the Grace Medical Skin & Vein website or parts of it.
Email safety
We do not use encrypted email and cannot guarantee confidentiality of information sent by email. Patients are welcome to email enquiries, suggestions or concerns to improve our services. Emails are checked by non-medical staff daily. We will try to reply to these enquiries as soon as possible; however, patients should not email for any urgent enquiries. No medical advice will be given through email due to confidentiality reasons.
My Health Record
My Health Record is an online summary of key health information that is accessible by all treating health professionals. Grace Medical Skin and Vein Centre will update information on this service on a regular basis to ensure other health professionals involved in healthcare, such as specialists and hospitals, will be able to quickly access up to date information about your health. For further information regarding My Health Record, we recommend you visit https://www.digitalhealth.gov.au/initiatives-and-programs/my-health-record and make changes such as privacy and/or opt out on MyGov.
If you do not consent to having your health information uploaded to My Health Record, you can opt out in MyGov and advise your treating health professional.
Telehealth
At the commencement of a telehealth consultation, in accordance with patient identification, the patient’s identity is verified, and verbal consent is obtained from the patient to proceed; this consent is particularly important in situations where it is evident that the patient is not in a private location or is not alone. Patients must consent to real-time audio and visual consultations. These consultations provided by our practice are not recorded, duplicated or stored, as the practitioner completes their consultation notes during the consultation.
In situations where a third party is involved in the consultation, whether requested by the general practitioner or present with the patient, consent from the patient will be obtained in accordance with third party observing or clinically involved in the consultation.
Review: This policy is reviewed on an annual basis, or more frequently in response to changes in legal or professional guidelines when applicable. The next review date will be, if not needed sooner, September 2025.