Further information on privacy legislation is available from:
- Health Care Complaints Commission 1800 043 159
- Anti-Discrimination Commission NSW 02 9268 5588
Protecting the Privacy of Your Personal Information
For the purposes of this Policy, no distinction has been made between the handling of personal information and sensitive information (including health information) #, therefore all information will be referred to as “personal information” throughout this Policy.
Any complaints in relation to Reliance Medical Practice handling of personal information should be directed to the Privacy Officer.
Unless a complaint can be dealt with immediately to the satisfaction of both parties, the Reliance Medical Practice will provide a written response to the complainant within 14 days of it being received.
If an individual believes their complaint has not been appropriately handled by this Practice, they should contact the Office of the Federal Privacy Commissioner, Privacy Hotline 1300 363 992 (local call charge) or via www.privacy.gov.au.
Any enquiries regarding this Policy should, in the first instance, be directed to Reliance Medical Practice, Privacy Officer: Jess Abdilla: Area Practice Manager
The Reliance Medical Practice will provide a copy of this Policy to all members of staff and will train staff in the appropriate handling of personal information by this Practice.
This policy is a public document and access to it will be granted on request.
Reliance Medical Practice will only collect personal information necessary to provide our patients with a quality health service.
1.1. Personal information about a patient will only be collected by lawful and fair means and directly from the patient wherever possible.
1.2. If information is collected about a patient from another party, the Reliance Medical Practice, will whenever possible, advise the patient of this.
1.3. Wherever practical the Reliance Medical Practice will only collect information directly from the patient. This may not be possible if the patient is unconscious or otherwise incapable of providing that information.
1.4. We will ensure that each patient providing personal information is informed about and understands the purpose of collecting the information. They will also be advised as to whom or under what circumstances their personal information may be disclosed to another party and how they can access the information held about them by the Reliance Medical Practice. This will be carried out via notices and/or brochures and/or verbally.
1.5. We will ensure that patients who are asked to provide personal information understand the consequences, if any, of providing incomplete or inaccurate information.
2. Use & Disclosure
Reliance Medical Practice will ensure that personal information will only be used for the purpose it was collected, or that would reasonably be expected by the patient providing the information.
2.1. If the identified information is to be used for a secondary or unrelated purpose, such as data analysis or research, we will obtain informed consent from the patient.
2.1.1. Individuals will be given the opportunity to refuse such use or disclosure.
2.1.2. If a patient is physically or legally incapable of providing consent, a responsible person## (as described under the Act) may do so.
2.2. We will only disclose personal information without consent where such disclosure is required by law, or for law enforcement, or in the interests of the patient’s or the public’s health and safety.
2.2.1. We will keep records of any such use and disclosure.
2.2.2. Information may be disclosed to a responsible person (as described under the Act).
3. Data Quality
Reliance Medical Practice will take reasonable steps to ensure that personal information kept, used or disclosed by this Practice is accurate, complete, and as up to date as practicable.
4. Data Security
4.1. All personal information held by Reliance Medical Practice will be:
if in paper form, received and stored in a secure, lockable location;
if in electronic form, protected from theft, loss or corruption;
accessible by staff only on a “need to know” basis;
protected from viewing or access by unauthorised persons; and
not taken from the Reliance Health offices unless authorised and for a specified purpose.
4.2. We will destroy or permanently de-identify personal information that is no longer required by Reliance Medical Practice
4.3. We will ensure that all personal information transmitted electronically will be appropriately encrypted before transmission.
5. Notifiable Data Breaches Scheme
From 22 February 2018 as per APPS we have an obligation to report to you any eligible data breaches. Reliance Medical Practice Entities will take all reasonable steps to ensure an assessment and report is completed and reported to the Office of the Australian Information Commissioner (OAIC) within 30 days. If an eligible data breach is confirmed, as soon as practicable we will provide you with a statement to each of the individuals whose data was breached or who are at risk, including details of the breach and recommendations of the steps individuals should take.
Reliance Medical Practice is committed to advising patients about its information handling practices.
6.2. A Privacy Statement describing our approach to privacy will be on public display.
6.3. Brochures detailing the Reliance Medical Practice personal information handling practices will be provided to any person requesting access to it.
7. Access & Correction
Under normal circumstances the Reliance Medical Practice will provide a patient with access to their personal information within 30 days of receiving a request for access.
7.1. All requests are asked to be provided in writing through use of the Patient Request for Access to Personal Information form supplied. Identification is also requested to ensure that a false application is not lodged.
7.2. There will be no fee associated with lodging a request for access, however, an administration fee may be charged as set out in the Request for Access application.
7.3. Patients will be provided with an opportunity to discuss their personal information with an appropriate member of staff when access is sought, however a fee for the doctor’s time may be charged.
7.4. Provision of access to a patient’s personal information will be undertaken in a way that is appropriate to the person’s particular circumstances, e.g. use of interpreters, etc.
7.5. If a patient believes that information held by Reliance Medical Practice is inaccurate or incomplete, the Reliance Medical Practice take steps to amend or correct the information.
7.6. The Reliance Medical Practice may refuse access if it reasonably believes that:
7.6.1. A person’s health, safety or wellbeing may be compromised by releasing the information; or
7.6.2. Providing access would be unlawful or would prejudice a legal investigation.
7.6.3. Providing access would affect the privacy of others.
7.6.4. The request for access is frivolous and/or vexatious.
7.6.5. The information held in the patient’s medical record would be used against the doctor in a medico-legal matter.
7.7. Under circumstances other than those described in 6.6 where information is withheld, Reliance Medical Practice will ensure that its practices are consistent with the provisions of NPP 6.
7.8. If information is withheld under NPP 6.4, the Reliance Medical Practice will provide an explanation to the patient as to the reasons why this was the case
Except where circumstances allow (NPP 7.2), the Reliance Medical Practice will not use Medicare or Veterans Affairs numbers or other identifiers assigned by a Commonwealth or State/Territory agency to identify personal information.
Where it is lawful and practicable to do so, the Reliance Medical Practice will allow patients to provide information anonymously.
9.1. A patient who chooses to access the services of the Reliance Medical Practice anonymously will be advised of any potential consequences resulting from their decision. For example where the lack of a contact name or address may jeopardise care in an emergency situation.
9.2. We will not automatically preclude a patient from participating in the activities of the Reliance Medical Practice because they request anonymity.
10. Transborder Data Flows
10.1. Reliance Medical Practice will only transfer personal information about a patient to someone who is in a foreign country if:
the patient consents to the transfer; or
the recipient is bound by legislation that is substantially similar to the NPPs; or
Reliance Medical Practice is reasonably sure that the information will not be held, used or disclosed inconsistently with the NPPs.
11. Sensitive Information
11.1. Reliance Medical Practice will only collect sensitive information# other than health information about a patient if:
the patient consents; or
the collection is required by law; or
such collection is consistent with the provisions of NPP 10
(Guidelines on Privacy in the Private Health Sector, Office of the Privacy Commissioner)
# Health information means:
information or an opinion about:
the health or a disability (at any time) of an individual; or
an individual’s expressed wishes about the future provision of health services to him or her; or
a health service provided, or to be provided, to an individual; that is also personal information; or
other personal information collected to provide, or in providing, a health service; or
other personal information about an individual collected in connection with the donation, or intended donation, by the individual of his or her body parts, organs or body substances.
Health service means:
an activity performed in relation to an individual that is intended or claimed (expressly or otherwise) by the individual or the person performing it:
to assess, record, maintain or improve the individual’s health; or
to diagnose the individual’s illness or disability; or
to treat the individual’s illness or disability or suspected illness or disability; or
The dispensing on prescription of a drug or medicinal preparation by a pharmacist.
The term health service provider as used in these Guidelines means a provider of a health service. The term ‘health service provider’ is not separately defined in the Privacy Act.
Personal information means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
Sensitive information means:
information or an opinion about an individual’s:
racial or ethnic origin; or
political opinions; or
membership of a political association; or
religious beliefs or affiliations; or
philosophical beliefs; or
membership of a professional or trade association; or
membership of a trade union; or
sexual preferences or practices; or
that is also personal information; or
health information about an individual.
The Privacy Act defines a ‘responsible person’ as:
a child or sibling at least 18 years of age;
a spouse or de facto spouse;
a relative at least 18 years of age and a member of the individuals household;
a guardian or a person exercising enduring power of attorney that can be exercised in relation to the individuals health;
a person who has an intimate personal relationship with the individual; or
a person nominated by the individual to be contacted in an emergency.