The purpose of this policy is to set out how Geriatric Care Australia Pty Ltd collects and manages your personal information (including but not limited to patient health information). Geriatric Care is committed to ensuring the privacy and confidentiality of personal information it collects. We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The APPs govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information.
Personal information we may collect
If you are a patient, the personal information we collect about you may include: information about your medical history, test results, family medical history, ethnic background, Medicare, health fund and insurance details, billing/account details, current lifestyle, next of kin, emergency contact and other information that may be relevant to your diagnoses, treatment or healthcare. We may also collect information about your interactions with us, including your responses to patient surveys relating to service improvement. We may take photographs or audio-visual recordings of you in a clinical context in connection with your treatment or healthcare. We will only collect information about your health, or other sensitive information about you (including taking photographs or audio-visual recordings of you), if we have your consent to do so or if it is otherwise permitted by law.
Referring clinicians and other healthcare professionals
If you are a referring clinician or other healthcare professional who is involved in treating our patients, the personal information we collect about you may include your name, contact details, professional details (including qualifications) and information regarding your interactions or work with us.
We may also collect personal information about other members of the public, including visitors and families and medical professionals. The types of personal information we may collect about these individuals includes their name, contact details, identification information, and any relationship they may have to a patient or member.
How we collect personal information
Where practicable, we will collect your personal information directly from you, but we may sometimes also collect information from third parties, including family members, referring clinicians and other healthcare professionals and service provider organisations. We will only collect health information from a third party if you have consented or where we are otherwise permitted by law to do so, such as in a medical emergency.
Why we collect and how we use personal information
We collect and use personal information for the following purposes:
Providing our healthcare services;
Performing activities that are reasonably incidental to our ordinary course operations, such as:
administration functions, including scheduling appointments and billing; and
education, training, quality assurance and other analytical activities to evaluate and improve our patient management processes, patient outcomes, and broader healthcare and healthcare delivery;
Complying with our legal obligations, including in relation to statutory and public health reporting requirements, such as mandatory reporting of child abuse or the notification of diagnosis of certain communicable diseases;
Sending communications to referring clinicians and other healthcare professionals, such as clinical updates, information about our services, events, and other news relevant to them or their practice; and other purposes with your consent.
Dealing with enquiries, complaints and legal proceedings;
Research and development
In addition to the above, we may also use your information in de-identified form (de-identified meaning no specific reference to name, date of birth, address or other personally identifying information) for the purposes of research, service and product development activities. For example, this may include the development of new diagnostic tools, services and products, treatment methods and pathways as well as collaborating with like-minded public and private organisations to improve patient health and wellbeing. As we only use de-identified information for these purposes, you will not be identified as part of any of these activities.
Occasionally we may receive requests from external researchers who wish to conduct research using information in identifiable form. Any such researchers must follow strict ethical guidelines, including by asking for your consent to be part of their research. We will not share any identifiable information for research purposes without your consent.
When we share information
We may need to disclose your information for one or more of the purposes described above. For example, depending on the circumstances, we may need to disclose your information to:
Referring clinicians and other healthcare professionals, such as pathologists, radiologists, allied health professionals, pharmacists, in relation to the provision of healthcare services to you;
Government agencies, where we provide health services to you under a contract with that agency and are required to provide the information under the relevant contract;
Private hospitals and other private healthcare providers, where we provide health services to you under a contract with that provider and are required to provide the information under the relevant contract;
Your close relatives, close friends, and personal representatives who are legally responsible for your healthcare decisions (though we will not do this if you tell us not to);
Your lawyers and insurance companies that have been authorised by you to obtain personal information from us;
Government authorities where we are required to do so by law or in response to an order issued by a court or tribunal, such as where we are required to produce records in relation to court proceedings;
Medical defence organisations, insurers, medical experts or lawyers who work for us and help us to deal with enquiries, complaints and legal proceedings;
External service providers and advisors who help us run our business, including software vendors and service providers who help run our IT systems
My Health Records
If you have chosen to participate in the My Health Record program operated by the Commonwealth Department of Health, we may access personal information stored in your My Health Record if the access permissions you have set allow this. When requested to do so, we may disclose your personal information by uploading your health information electronically to the My Health Record system.
If you do not want us to access personal information stored in your My Health Record, or to upload health information to it, you may opt out or choose to modify access controls within the My Health Record system.
How we hold and protect personal information
We hold personal information electronically and in hard copy form, both at our own premises and with the assistance of service providers who provide data storage, hosting and cloud computing services. In all cases we implement a range of measures to protect the security of that personal information. Please note that any information that you send to us by electronic means may not be secure in transit unless it is encrypted. We are not responsible for the security of your information before it comes into our possession.
Geriatric Care Australia are subject to a range of rules relating to the periods for which health information and records must be retained. We must generally retain health information about an individual:
for at least 7 years from the last occasion on which we provided a health service to the individual
if we collected the information when the individual was 18 years old or older; or at least until the individual turns 25
if we collected the information when the individual was less than 18 years old.
How to access or seek correction of personal information
You may request access to any personal information we hold about you by contacting our Privacy Officer using the contact details set out below.
Please also let us know if your personal details change (for example, your name or contact details), or if you notice errors or discrepancies in information we hold about you. You may do this at your next appointment with us or by contacting our Privacy Officer using the contact details set out below.
We may ask you to verify your identity when you make an access or correction request. There may also be circumstances in which we will not be able to comply with your request. In these cases, we will provide reasons for why we can’t comply and will explain what other options may be available to you.
Assignment of benefit
You agree to the assignment of the Medicare benefit directly to the health professional so you can be bulk billed.
If you visit our website, we may record various technical information such as your IP address, browser type, domain names, access times and referring website addresses. We use this information to run our websites and for analytical purposes.
What to do if you have any privacy issues or complaints
If you have any concerns about how we handle your personal information, or you wish to make a complaint on the basis that we have breached the Australian Privacy Principles prescribed by the Privacy Act 1988 (Cth), please contact us so we can investigate it. You will need to send us a written complaint (see details on how to contact us below).
We will endeavour to respond to your complaint within a reasonable time after it is made. If we are unable to resolve your complaint, we will escalate the issue to the relevant senior leadership team member for review and resolution.
You can contact our Privacy Officer in the following ways:
Post: Angel Place, Level 17, 123 Pitt Street, Sydney NSW 2000 (Attention: Privacy Officer)