PRIVACY POLICY & STATEMENT

In the course of providing our services to you, Yarrawonga Denis Medical Group will collect your personal and health information. At YDMG all personal and health information is managed in accordance with the Privacy & Data Protection Act 2014 (previously Information Privacy Act 2000), Health Records Act 2001 (Vic), Healthcare Identifiers Act 2010 (Cth) and the Privacy Act 1988 including the 13 Australian Privacy Principles (APPs). 

At YDMG we take privacy and security of personal health information very seriously. The policies and procedures of this practice apply to all doctors, staff, medical students, allied health practitioners and anyone else who may need access to personal health information in order to perform their normal duties. 

This privacy policy is to provide information to you, our patient, on how your personal information (which includes your health information) is collected and used within our practice, and the circumstances in which we may share it with third parties.

Why and when your consent is necessary

When you register as a patient of our practice, you provide consent for our GPs and practice staff to access and use your personal information so they can provide you with the best possible healthcare.  Only staff who need to see your personal information will have access to it.  If we need to use your information for anything else, we will seek additional consent from you to do this.

Why we collect, use, hold and share your personal information?

Our practice will need to collect your personal information to provide healthcare services to you.  Our main purpose for collecting, using, holding and sharing your personal information is to manage your health.  We also use it for directly related business activities, such as financial claims and payments, practice audits and accreditation, and business processes (eg. staff training).  Information is collected for a range of purposes which include:

• to assist us to provide you with optimal ongoing management of your health and wellbeing; 
• to make and change appointments; and 
• for various other administrative functions associated with our services e.g. record-keeping, billing, claims processing, and referrals. 
• Practice audits and accreditation.

What personal information do we collect? 

The information we will collect about you includes your:

• Names, date of birth, addresses, contact details
• Medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors
• Medicare number for identification and claiming purposes
• Healthcare identifiers
• Health fund details (if applicable)

If you do not provide information requested, our ability to provide our services to you may be impaired. We reserve the right to withdraw or not provide our services if we believe they may be compromised by a lack of information or we would be unable to meet legal obligations. 

Dealing with us anonymously or with a pseudonym

The nature of general practice and the provision of healthcare do not easily accommodate the notions of anonymity and pseudonymity.  Medical histories are required and identities need to be confirmed before a GP can make a diagnosis or prescribe medications. GPs are required by law to report certain events and circumstances, such as communicable diseases and child abuse.  A patient may experience detriment in their treatment if they choose to remain anonymous.  Taking into account the above information, you have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals¹ ² ³.  

How do we collect and store your personal information? 

Our practice may collect your personal information in several different ways:

1. When you make your first appointment our practice staff will collect your personal and demographic information via your New Patient Registration Form.  This form contains a “collection statement” which patients are required to read and sign.
2. During the course of providing medical services, we may collect further personal information eg. electronic transfer of prescriptions (eTP), eHealth services, My Health Record, eg. via Shared Health Summary, Event Summary.
3. We may also collect your personal information when you visit our website, send us an email or SMS, telephone us, make an online appointment or communicate with us using social media.
4. In some circumstances personal information may also be collected from other sources.  Often this is because it is not practical or reasonable to collect it from you directly.  This may include information from:

• your guardian or responsible person 
• other involved healthcare providers, such as specialists, allied health professionals, hospitals, community health services and pathology and diagnostic imaging services
• your health fund, Medicare, or the Department of Veterans’ Affairs (as necessary).

In most cases, we will collect information directly from you, or at your request or with your consent, from your previous health providers. 

When, why and with whom do we share your personal information? 

We sometimes share your personal information:

• with third parties who work with our practice for business purposes, such as accreditation agencies or information technology providers – these third parties are required to comply with Australian Privacy Principles and this Policy
• with other healthcare providers, eg. specialist healthcare providers for the management of your ongoing healthcare and treatment, to seek professional opinion or manage a referral to or from another provider
• when it is required or authorised by law (eg. Court subpoenas)
• when it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent
• to assist in locating a missing person
• to establish, exercise or defend an equitable claim
• for the purpose of confidential dispute resolution process
• when there is a statutory requirement to share certain personal information (eg. some diseases require mandatory notification)
• during the course of providing medical services, eg. eTP, eHealth services, My Health Record eg. via Shared health Summary, Event Summary, your health fund, Medicare, or the Department of Veterans’ Affairs (if applicable)
• Our practice may use your personal information to improve the quality of services we offer to our patients through research and analysis of our patient data
• We may provide de-identified data to other organisations to improve population health outcomes.  The information is secure, patients cannot be identified and the information is stored within Australia.  You can let our reception staff know if you do not want your information included
• research related purposes – we may provide non-identifying aggregated data to approved research bodies undertaking research that has been subject to ethical clearances. 

Who has access? 

Only people who need to access your information will be able to do so.  Other than in the course of providing medical services or as otherwise described in this policy, our practice will not share personal information with any third party without your consent.

We will not share your personal information with anyone outside Australia, (unless under exceptional circumstances that are permitted by law) without your consent.

Our practice will not use your personal information for marketing any of our goods or services directly to you without your express consent.  If you do consent, you may opt out of direct marketing at any time by notifying our practice in writing.

How do we store and protect your personal information?

Your data and personal information may be stored at our practice in various forms eg. as paper records, electronic records, visual records (X-rays, CT scans, videos and photos), audio recordings. Our practice securely stores and protects personal information eg. electronic format, in protected information systems or in hard copy format in a secured environment.  All staff are required to sign a Confidentiality Agreement, we use individual passwords and log-in for each staff member to access our practice clinical and appointment management software and also to gain access to a computer system.  Our systems monitor who accesses records and why and only those who need to access your information will be able to do so ie. various levels of access.

Our practice has systems in place to protect the privacy, security, quality and integrity of the data held electronically. Some of the steps we take to secure the personal information we hold include ICT security (such as endpoint detection response, anti-virus software, event monitoring, encryption, firewalls, authentication and authorisation controls), secure office access, personnel security and training and workplace policies.

We will take all reasonable precautions to: 

• protect your information from misuse, loss and unauthorised access, modification and disclosure; and
• ensure that your information is accurate, complete and up-to-date. 

How can you access and correct your personal information at our practice? 

You have the right to request access to, and correction of, your personal information.  Our practice acknowledges patients may request access to their medical records.  We require you to put this request in writing – by completing a Patient Request for Personal Health Information/Medical Records Application Form which is available at reception. You will be asked for verification of your identity and our practice will respond within 30 days.  Please note that if the practice complies with such a request, this may incur a fee to the patient.

You can speak with your doctor if you would like a summary of your care. 

While you have a right to access your information, the FOI Act and privacy legislation does include some exceptions to this right of access. 

If you are seeking the transfer of your information to another healthcare provider, please speak with your doctor or the reception staff. 

You have a right to request that we correct your information if it is not accurate, complete or up-to-date. 

Our practice will take reasonable steps to correct your personal information where the information is not accurate or up to date.  From time to time, we will ask you to verify that your personal information held by our practice is correct and current. You may also request that we correct or update your information, and you should make such requests in writing to our Privacy Officer.

Research related purposes 

We may provide non-identifying aggregated data to approved research bodies undertaking research that has been subject to ethical clearances. 

For more information 

If you have any queries or concerns about how your information is managed, please contact the Privacy Officer, Yarrawonga Denis Medical Group on 03 5744 1777

How can you lodge a privacy-related complaint, and how will the complaint be handled at our practice?

We take complaints and concerns regarding privacy seriously.  You should express any privacy concerns you may have in writing.  We will then attempt to resolve it in accordance with our Complaints Management policy and procedure, within 30 days of receipt of your written concerns.  You can make complaints via the following ways:

• via our nominated email address to the Privacy Officer – feedback@denismed.com.au .
• Sending a written letter by post, or hand delivery to: Privacy Officer, Yarrawonga Denis Medical Group, 72 Woods Road, Yarrawonga, Vic., 3730
• You may also phone the Privacy Officer on (03) 5744 1777, but please note that you will be asked to put your concerns in writing.
• You may also contact the OAIC,  Generally the OAIC will require you to give them time to respond before they will investigate.  For further information visit www.oaic.gov.au or call the OAIC on 1300 363 992.

Privacy and our Website

We want you to feel comfortable using our website.  Any personal information that patients give to us, including email addresses, will only be used in the following ways:

• Personal data given to us by you will be securely stored
• We will not provide your personal data to any third party without your permission
• We do not automatically collect your personal email address simply because you visit our site
• If we join with a third party to provide services and you sign up for those services, we will share your name and other contact information necessary for our partner to provide the services to you
• If you view specific pages or download information from specific pages on our website, we will track and add the number of your visits to the aggregate number of visits by all users in order to better design our website
• We may share aggregate demographic information with our affiliates.  This is not linked to any personal information that can identify you or any other visitor to our website.

YDMG’s website may contain links to other sites.  Please be aware that YDMG is not responsible for the privacy practices of any linked sites.  We encourage users who leave our site to read the privacy statements of each and every linked website that they choose to visit.  Any links to external sites are provided for your convenience.  The information, products and advertisements contained in the linked sites are neither approved nor endorsed by YDMG, and YDMG is not responsible for such information, products or advertisements.

Our website may from time to time use cookies to analyse website traffic and help us provide a better website visitor experience.  In addition, cookies may be used to serve relevant ads to website visitors through third party services such as Google Ad-words.  These ads may appear on this website or other websites you visit.  Cookies are very small files which a website uses to identify you when you come back to the site and to store details about your use of the site.  Cookies are not malicious programs that access or damage your computer.  Most web browsers automatically accept cookies but you can choose to reject cookies by changing your browser settings, however, this may prevent you from taking full advantage of various websites. 

Policy Review Statement

This privacy policy statement will be reviewed regularly to ensure it is in accordance with any changes that may occur.  Review and updated dates will be able to be seen on the policy which will be displayed in our clinic and on our website.