3.1 PRIVACY POLICY & STATEMENT

In the course of providing our services to you, Yarrawonga Denis Medical Group will collect your personal and health information. At YDMG all personal and health information is managed in accordance with the Privacy & Data Protection Act 2014 (previously Information Privacy Act 2000), Health Records Act 2001 (Vic), Healthcare Identifiers Act 2010 (Cth) and the Privacy Act 1988 including the 13 Australian Privacy Principles (APPs).

At YDMG we take privacy and security of personal health information very seriously. The policies and procedures of this practice apply to all doctors, staff, medical students, allied health practitioners and anyone else who may need access to personal health information in order to perform their normal duties.

This privacy policy is to provide information to you, our patient, on how your personal information (which includes your health information) is collected and used within our practice, and the circumstances in which we may share it with third parties.

 

Who you can contact about this policy

For enquiries concerning this policy you can contact our Privacy Officer or the Practice Manager on (03) 5744 1777 or at email feedback@denismed.com.au

 

Why and when your consent is necessary

When you register as a patient of our practice, you provide consent for our GPs and practice staff to access and use your personal information to facilitate the delivery of healthcare, and so they can provide you with the best possible healthcare.  Access to your personal information is restricted to practice team members who require it for your care.  If we need to use your personal information for purposes other than outlined in this document, we will obtain additional consent from you.

It is important to us that as our patient, you understand why we collect and use your personal information.  By acknowledging this Privacy Policy and signing the consent on the New Patient Registration Form.

 

Why we collect, use, hold and share your personal information?

Our practice collects, uses, stores, and shares your personal information primarily to manage your health safely and effectively.  This includes providing healthcare services, managing medical records, and ensuring accurate billing and payments.  Additionally, we may utilise your information for internal quality and safety improvement processes such as practice audits, accreditation purposes, and staff training to maintain high-quality service standards.

 

What personal information do we collect?

The information we collect about you includes your:

• Names, date of birth, addresses, contact details
• Medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors
• Medicare number (where available) for identification and claiming purposes
• Healthcare identifier numbers
• Health fund details (if applicable)

If you do not provide information requested, our ability to provide our services to you may be impaired. We reserve the right to withdraw or not provide our services if we believe they may be compromised by a lack of information or we would be unable to meet legal obligations.

 

Dealing with us anonymously or with a pseudonym

The nature of general practice and the provision of healthcare do not easily accommodate the notions of anonymity and pseudonymity.  Medical histories are required and identities need to be confirmed before a GP can make a diagnosis or prescribe medications. GPs are required by law to report certain events and circumstances, such as communicable diseases and child abuse.  A patient may experience detriment in their treatment if they choose to remain anonymous.  Taking into account the above information, you have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals¹ ² ³.

 

How do we collect and store your personal information?

Our practice may collect your personal information in several different ways:

• When you make your first appointment our practice staff will collect your personal and demographic information via your New Patient Registration Form. This form contains a “collection statement” which patients are required to read and sign.
• We may also collect your personal information when you visit our website, send us an email or SMS, telephone us, make an online appointment or communicate with us using social media.
• In some circumstances personal information may also be collected from other sources. Often this is because it is not practical or reasonable to collect it from you directly.  This may include information from:
• your guardian or responsible person
• other involved healthcare providers, such as specialists, allied health professionals, hospitals, community health services and pathology and diagnostic imaging services
• your health fund, Medicare, or the Department of Veterans’ Affairs (as necessary).
• While providing medical services, further personal information may be collected via:
• Electronic prescribing
• My Health Record
• Online appointments.

In most cases, we will collect information directly from you, or at your request or with your consent, from your previous health providers.

Various types of images may be collected and used, including:

• CCTV footage – collected from our premises for security and safety purposes.
• Photos and medical images for medical purposes – X-rays, CT scans, videos and photos.

We will always comply with privacy obligations when collecting personal information from third-party sources.  This includes ensuring transparency with patients, obtaining necessary consents, maintaining data accuracy, securing the information, and using it only for specified purposes.

 

When, why and with whom do we share your personal information?

We sometimes share your personal information:

• with third parties for business purposes, such as accreditation agencies or information technology providers – these third parties are required to comply with Australian Privacy Principles (APPs) and this Policy
• with other healthcare providers, eg. in referral letters
• when it is required or authorised by law (eg. court subpoenas)
• when it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent
• to assist in locating a missing person
• to establish, exercise or defend an equitable claim
• for the purpose of confidential dispute resolution process
• when there is a statutory requirement to share certain personal information (eg. some diseases require mandatory notification)
• when it is provision of medical services, through electronic prescribing, My Health record (eg, via Shared Health Summary, Event Summary)

Who has access?

Only people who need to access your information will be able to do so.  Other than providing medical services or as otherwise described in this policy, our practice will not share personal information with any third party without your consent.

We will not share your personal information with anyone outside Australia, (unless under exceptional circumstances that are permitted by law) without your consent.

 

Will your information be used for marketing purposes?

Our practice will not use your personal information for marketing any goods or services directly to you without your express consent.  If you do consent, you may opt out of direct marketing at any time by notifying our practice in writing.

 

How is your information used to improve services?

• Our practice may use your personal information to improve the quality of the services offered to patients through research, analysis of patient data for quality improvement and for training activities with the practice team
• We may provide de-identified data to other organisations to improve population health outcomes. If we provide this information to other organisations patients cannot be identified from the information we share, the information is secure and is stored within Australia.  You can let our reception staff know if you do not want your de-identified information included
• research related purposes – we may provide non-identifying aggregated data to approved research bodies undertaking research that has been subject to ethical clearances.

How are document automation technologies used?

Document automation is where systems use existing data to generate electronic documents relating to medical conditions and healthcare.  Our practice uses document automation technologies to create documents such as referrals, which are sent to other healthcare providers.  These documents contain only your relevant medical information.  These document automation technologies are used through secure medical software Best Practice.

All users of the medical software have their own unique user credentials and password and can only access information that is relevant to their role in the practice team.

The practice complies with the Australian privacy legislation and APPs to protect your information.  All data, both electronic and paper are stored and managed in accordance with the Royal Australian College of General Practitioners (RACGP) https://www.racgp.org.au/running-a-practice/security/managing-practice-information/privacy-of-health-information

 

How do we store and protect your personal information?

Your data and personal information may be stored at our practice in various forms eg. as paper records, electronic records, visual records (X-rays, CT scans, videos and photos), audio recordings. Our practice securely stores and protects personal information eg. electronic format, in protected information systems or in hard copy format in a secured environment.  All staff are required to sign a Confidentiality Agreement, we use individual passwords and log-in for each staff member to access our practice clinical and appointment management software and also to gain access to a computer system.  Our systems monitor who accesses records and why and only those who need to access your information will be able to do so ie. various levels of access.

Our practice has systems in place to protect the privacy, security, quality and integrity of the data held electronically. Some of the steps we take to secure the personal information we hold include ICT security (such as endpoint detection response, anti-virus software, event monitoring, encryption, firewalls, authentication and authorisation controls), secure office access, personnel security and training and workplace policies.

We will take all reasonable precautions to:

• protect your information from misuse, loss and unauthorised access, modification and disclosure; and
• ensure that your information is accurate, complete and up-to-date.

How can you access and correct your personal information at our practice?

You have the right to request access to, and correction of, your personal information.  Our practice acknowledges patients may request access to their medical records.  We require you to put this request in writing – by completing a Patient Request for Personal Health Information/Medical Records Application Form which is available at reception. You will be asked for verification of your identity and our practice will respond within 30 days.  Please note that if the practice complies with such a request, this may incur a fee to the patient.

You can speak with your doctor if you would like a summary of your care.

While you have a right to access your information, the FOI Act and privacy legislation does include some exceptions to this right of access.

If you are seeking the transfer of your information to another healthcare provider, please speak with your doctor or the reception staff.

You have a right to request that we correct your information if it is not accurate, complete or up-to-date.

Our practice will take reasonable steps to correct your personal information where the information is not accurate or up to date.  From time to time, we will ask you to verify that your personal information held by our practice is correct and current. You may also request that we correct or update your information, and you should make such requests in writing to our Privacy Officer.

How can you lodge a privacy-related complaint, and how will the complaint be handled at our practice?

We take complaints and concerns regarding privacy seriously.  You should express any privacy concerns you may have in writing.  We will then attempt to resolve it in accordance with our Complaints Management policy and procedure, within 30 days of receipt of your written concerns.  You can make complaints via the following ways:

• via our nominated email address to the Privacy Officer – feedback@denismed.com.au .
• Sending a written letter by post, or hand delivery to: Privacy Officer, Yarrawonga Denis Medical Group, 72 Woods Road, Yarrawonga, Vic., 3730
• You may also phone the Privacy Officer on (03) 5744 1777, but please note that you will be asked to put your concerns in writing.
• You may also contact the OAIC, Generally the OAIC will require you to give them time to respond before they will investigate.  For further information visit oaic.gov.au or call the OAIC on 1300 363 992.

Privacy and our Website

At YDMG, any personal information you share with us through website, email, and social media, is handled securely and confidentially.  This practice uses analytics and cookies.  Any personal information that patients give to us, including email addresses, will only be used in the following ways:

• We will not provide your personal data to any third party without your permission
• We do not automatically collect your personal email address simply because you visit our site
• If we join with a third party to provide services and you sign up for those services, we will share your name and other contact information necessary for our partner to provide the services to you
• If you view specific pages or download information from specific pages on our website, we will track and add the number of your visits to the aggregate number of visits by all users in order to better design our website
• We may share aggregate demographic information with our affiliates. This is not linked to any personal information that can identify you or any other visitor to our website.

YDMG’s website may contain links to other sites.  Please be aware that YDMG is not responsible for the privacy practices of any linked sites.  We encourage users who leave our site to read the privacy statements of each and every linked website that they choose to visit.  Any links to external sites are provided for your convenience.  The information, products and advertisements contained in the linked sites are neither approved nor endorsed by YDMG, and YDMG is not responsible for such information, products or advertisements.

Our website may from time to time use cookies to analyse website traffic and help us provide a better website visitor experience.  In addition, cookies may be used to serve relevant ads to website visitors through third party services such as Google Ad-words.  These ads may appear on this website or other websites you visit.  Cookies are very small files which a website uses to identify you when you come back to the site and to store details about your use of the site.  Cookies are not malicious programs that access or damage your computer.  Most web browsers automatically accept cookies but you can choose to reject cookies by changing your browser settings, however, this may prevent you from taking full advantage of various websites.

Policy Review Statement

This privacy policy statement will be reviewed regularly to ensure compliance with current obligations.  If any changes are made:

• They will be reflected on the website.
• Significant changes may be communicated directly to patients via email or other means.

Please check the policy periodically for updates.  If you have any questions, feel free to contact us.

 

References and Guidelines utilised in developing this Policy:
RACGP Standards 5^th Edition Criterion C1.1, C3.6B, C6.3A
RACGP Privacy policy template for general practices
RACGP Privacy and managing health information in general practice
Privacy Act 1988, Australian Privacy Principles