Privacy Policy current as of June 2023
Introduction
At Narara Valley Medical we are committed to your privacy and take our privacy obligations seriously. Our practice complies with the standards set out by the Privacy Act (1988) and the Australian Privacy Principals.
Our privacy policy below is to provide information to our patients, on how your personal information including your health information, is collected and used within our practice, and the circumstances in which we may share it with third parties.
Why and when your consent is necessary
When you register as a patient of our practice, you provide consent for our doctors, registered nurses and reception team to access and use your personal information, so they can provide you with the best possible healthcare. Only practice employees who need to see your personal information will have access to it. If we need to use your information for anything else, we will seek additional consent from you to do this.
Why do we collect, use, hold and share your personal information?
Our practice will need to collect your personal information including your health information, to provide healthcare services to you. Our main purpose for collecting, using, holding and sharing your personal information is to manage your health. We also use it for directly related business activities, such as financial claims and payments, practice audits, practice accreditation and other business processes.
Definition of a Patient Health Record
The primary purpose of a clinical health record is to hold information about patients that is required for effective care. Good patient information supports appropriate clinical decisions. At Narara Valley Medical our records are kept electronically using Medical Director.
What personal information do we collect?
The information we will collect about you includes:
- name, date of birth, address, contact details
- cultural identification
- next of kin and emergency contact details
- medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors
- Medicare number (where available) for identification and claiming purposes
- Pension number and/or DVA number
- copy of photo id (only when required)
Dealing with us anonymously
You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals.
How do we collect your personal information?
Our practice may collect your personal information in several different ways.
- When you make your first appointment, our reception team will collect your personal and demographic information via your registration.
- During the course of providing medical services, we may collect further personal information including health information through other involved healthcare providers, electronic transfer of prescriptions (eTP) and My Health Record.
- We may also collect your personal information when you visit our website, send us an email or SMS, telephone us or make an online appointment.
- In some circumstances personal information may also be collected from other sources. Often this is because it is not practical or reasonable to collect it from you directly. This may include information from:
- your guardian or responsible person
- other involved healthcare providers, such as specialists, allied health professionals, hospitals, community health services, pathology and/or diagnostic imaging services
- your health fund, Medicare, or the Department of Veterans’ Affairs (as necessary).
When, why and with whom do we share your personal information?
We sometimes share your personal information:
- with third parties who work with our practice for business purposes, such as accreditation agencies or information technology providers – these third parties are required to comply with APPs and this policy
- with other healthcare providers
- when it is required or authorised by law (eg court subpoenas)
- when it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent
- to assist in locating a missing person
- to establish, exercise or defend an equitable claim
- for the purpose of confidential dispute resolution process
- when there is a statutory requirement to share certain personal information (eg some diseases require mandatory notification)
- during the course of providing medical services, through My Health Record
Only people who need to access your information will be able to do so. Other than in the course of providing medical services or as otherwise described in this policy, our practice will not share personal information with any third party without your consent.
Recording Patient telephone or telehealth consults.
All consultations are private and only relevant doctors can access patient notes. Our practice DOES NOT record telehealth video or telephone consultations and we do not give patients permission to make their own recordings of a telehealth video or phone consultations. If your specialist or your GP thinks it would be helpful in your treatment to record particular images during your telehealth video or telephone consultation, they would first seek your written permission to do so and they would ask you to repeat your consent on camera (if recording).
Written Referrals
The referring GP must have undertaken a professional attendance with the patient, considered the need for the referral and communicated only relevant information about the patient to the medical specialist. Medical Director is set up to only provide relevant information. This will alleviate any irrelevant information being sent to the medical specialist.
The referral must be in written as a letter or note to the medical specialist, and must be signed and dated.
The medical specialist, the patient visits, must receive the letter or note, on or prior to the occasion of their initial or subsequent consultation related to the referral
How do we store and protect your personal information?
Your personal information may be stored at our practice in various forms:
- paper records
- electronic records, My Health Record
- visual records (ie Xrays, CT scans, video and photos)
Our practice stores all personal information securely in either electronic or hard copy format. Narara Valley Medical takes steps to ensure that all stored information is retained in a secure environment that is only accessible to our doctors, registered nurses and other approved practice employees. All our computers are protected by anti-viral software, appropriate firewalls, require personal logons and are password protected. Our practice also has strict backup procedures in place that ensure security of patient data at all times. In addition, all practice employees are required to sign confidentiality agreements when joining our team.
How can you access and correct your personal information at our practice?
You have the right to request access to, and correction of, your personal information.
Our practice acknowledges patients may request access to their medical records. We require you to put this request in writing and our practice will respond within a reasonable time usually within 30 days.
Our practice will take reasonable steps to correct your personal information where the information is not accurate or up to date. From time to time, we will ask you to verify that your personal information held by our practice is correct and current. You may also request in writing that we correct or update your information.
All requests should marked ‘Private and Confidential’ and addressed to:
The Practice Manager
Narara Valley Medical
100 Narara Valley Drive,
NARARA, NSW, 2250
How can you lodge a privacy-related complaint, and how will the complaint be handled at our practice?
At Narara Valley Medical we take complaints and concerns regarding the privacy of our patients seriously. You should express any privacy concerns you may have in writing. Our practice manager will then attempt to resolve it in accordance with our resolution procedure. All complaints will be reviewed by our practice manager and/or principal Dr Russell Spinks and responded to within 30 days.
Please mark ‘Private and Confidential’ and address to:
The Practice Manager
Narara Valley Medical
100 Narara Valley Road
Narara NSW 2250
You may also contact the OAIC. Generally, the OAIC will require you to give our practice time to respond before they will investigate. For further information visit www.oaic.gov.au or call the OAIC on 1300 363 992.
Privacy and our website
Cookies are pieces of information that a website transfers to your computer hard disk to provide enhanced functionality on our website and to our practice with website usage statistics. Generally, the information obtained by cookies is de-identified but may include the IP address of your computer. We may use this information for additional functionality or to analyse usage patterns our website.
Most browsers are by default set to accept cookies; however you do have the option to block or delete them. If you do not want information collected and used through the use of cookies, you should set your browser to refuse cookies however in doing so you may not be able to use all the features of our website.
Our website may provide links to third party websites. These linked sites are not under our control and we are not responsible for the content or privacy practices employed by those websites. Before disclosing your personal information on any other website, we recommend that you carefully read the terms and conditions of use and privacy statement of the relevant website.
Our Methods of Communicating
We may contact our patients directly or mail our patients communications about our services that we consider mat be of interest to you and your healthcare. Unless you have indicated that you do not wish to receive such information, we may contact you on your nominated phone number, email or postal address.
At any time you choose to opt out of receiving communications from us, please advise our reception team, select the opt-out option on the communication or advise us in writing sending your request to:
The Practice Manager
Narara Valley Medical
100 Narara Valley Road
Narara NSW 2250
We will not disclose your personal information to other organizations for the purpose of such communications.
Our privacy policy reviews
Our practice privacy policy is reviewed regularly to ensure it is in accordance with any changes that may occur. A current copy of our privacy policy is always available on our website at nararavalleymedical.com.au or you may request a copy from our reception team anytime.
NEXT REVIEW DATE: JULY 2024