Our Privacy Policy
Introduction
We are committed to protecting the privacy of patient information and to handling your personal information in a responsible manner in accordance with the Privacy Act 1988 (Cth), the Privacy Amendment (Enhancing Privacy Protection) Act 2012, the Australian Privacy Principles and relevant State and Territory privacy legislation (hereafter referred to as “privacy legislation”).
This Privacy Policy explains how we collect, use and disclose your personal information, how you may access that information and how you may seek the correction of any information. It also explains how you may make a complaint about a breach of privacy legislation.
This Privacy Policy is current from January 2024 and is reviewed annually. From time to time we may make changes to our policy, processes and systems in relation to how we handle your personal information. We will update this Privacy Policy to reflect any changes. Those changes will be available on our website and in the practice.
Collection
We collect information that is necessary and relevant to provide you with medical care and treatment, and manage our medical practice. This information may include your name, address, date of birth, gender, health information, family history, credit card and direct debit details and contact details. This information may be stored on our computer medical records system and/or in handwritten medical records.
Wherever practicable we will only collect information from you personally. However, we may also need to collect information from other sources such as your family, authorised Medical Guardian or Power of Attorney, treating specialists, radiologists, pathologists, hospitals, other health care providers, and the My Health Record system.
We collect information in various ways, such as over the phone, or in writing, or over the internet if you transact with us online. This information may be collected by medical and non-medical staff.
In emergency situations we may also need to collect information from your relatives or friends.
We may be required by law to retain medical records for certain periods of time depending on your age at the time we provide services.
Use and Disclosure
We will treat your personal information as strictly private and confidential. We will only use or disclose it for purposes directly related to your care and treatment, or in ways that you would reasonably expect that we may use it for your ongoing care and treatment, for example the disclosure of blood test results to your specialist or requests for x-rays.
There are circumstances where we may be permitted or required by law to disclose your personal information to third parties, for example to Medicare, Police, insurers, solicitors, government regulatory bodies, tribunals, courts of law, hospitals, debt collection agents, the electronic transfer of prescriptions service or the My Health Record system. We may also from time to time provide statistical data to third parties for research purposes.
We may disclose information about you to outside contractors to carry out activities on our behalf such as an IT service provider, solicitor or debt collection agent. We impose security and confidentiality requirements on how they handle your personal information. Outside contractors are required not to use information about you for any purpose except for those activities we have asked them to perform.
Electronic Communication Policies
This practice routinely uses non-secure email protocols in communicating with families and representatives of patients, as well as with nursing staff and other health professionals. Accordingly, the practice cannot guarantee the strict security and privacy of email content, and we require your explicit permission to use email in communicating with you, your authorised representatives and other healthcare providers or entities involved in your care. You will need to sign a consent form, which we provide when new patients are enrolled and which can be provided at any time on request.
If permission is granted, the practice will confirm the email address provided by sending a test message, which needs to be confirmed.
The practice will continue to use the email details provided, unless and until a new email address is provided.
The practice will ensure our staff are trained and use internal protocols to check email addresses match the particular intended recipient, and are entered accurately before sending.
All email communication in relation to the medical care of a patient forms part of the medical record and must be held and stored according to relevant legislation, including the Privacy Act 1988 (Cth) and Health Records and Information Privacy Act 2002 (NSW).
If you wish to discuss any email privacy concerns in greater detail or wish to make alternative arrangements for communicating sensitive information with the practice or other healthcare providers, please call us, or write to us at the details below.
SMS
This practice regularly uses SMS to communicate with patients and families to confirm times and details of meetings and scheduled phone calls.
Our doctors also receive communications from nursing staff in the form of SMS messages, including photographs of wounds, skin rashes or lesions, or other conditions manifesting acute physical changes. They may also receive SMS photographs of x-rays and pathology results, in order to quickly transmit important clinical information and allow speedier management decisions.
Our doctors also regularly use SMS to communicate with specialists and other healthcare providers, for instance in order to share information about changes in our patients’ clinical conditions, or medication changes.
If you wish to receive SMS messages in relation to the healthcare services we offer to you as a patient, or to a patient for whom you are an authorised legal representative, or if you wish Dr Walker to be able to use SMS to communicate and share clinical information in a timely manner with other healthcare providers, you will need to sign an electronic communication consent form, which we provide when new patients are enrolled and can be provided any time on request, specifying permission for the uses outlined.
If permission is received, the practice will confirm the mobile phone number provided by sending a test message, which needs to be confirmed.
The practice will continue to use the same mobile number details provided, unless and until a new mobile phone number is provided.
The practice will ensure staff are trained and use internal protocols to check SMS addresses match the particular intended recipient, and are entered accurately before sending.
The mobile phones used by our doctors for sending and receiving clinical messages or images via SMS are secured against unauthorised access and require a password or biometric (fingerprint) authentication for every access. Any images taken or received will not be automatically uploaded to a cloud photo-storage service. Clinically relevant images are transferred to the patient file in a timely manner via direct transfer to an authorised computer for upload into the patient record; images are deleted if they are not clinically relevant, or if they have already been stored and saved by another healthcare provider.
Where the content of SMS messages relates to the clinical care of a patient, the relevant information contained in the communication must be recorded in the medical record, and must be held and stored according to relevant legislation, including the Privacy Act 1988 (Cth) and Health Records and Information Privacy Act 2002 (NSW). The SMS itself is not stored in the patient record.
If you wish to discuss any SMS privacy concerns in greater detail, or wish to make alternative arrangements for communicating sensitive information with the practice, please call us, or write to us at the details below.
Spam
In accordance with the Spam Act 2003 (Cth), this practice will not send unsolicited emails or SMS messages to patients or families, except in relation to matters directly concerning ongoing medical care.
Clinical Photographs
Our doctors may use clinical photographs taken on smartphones to track and record changes in certain physical manifestations of disease (such as rashes or wounds), or to share key clinical information with other healthcare professionals via SMS, MMS, or email, in order to allow faster diagnosis and treatment.
Clinical images are also sometimes taken of medical charts, results and other printed material containing personal healthcare information, in order to quickly forward such details electronically to another health practitioner for management advice.
Our doctors regularly receive SMS or email messages from nursing staff, including smartphone photographs of wounds, skin rashes or lesions, or other conditions manifesting acute physical changes requiring clinical advice. Our doctors also receive SMS or email messages containing photographs of x-rays and pathology results to allow timely management decisions.
The mobile phones used by our doctors for sending and receiving clinical images via SMS or email are secured against unauthorised access and require a password or biometric (fingerprint) authentication for every access. They can also be remotely deleted in the event of loss or theft. Any images taken or received, if clinically relevant, are transferred to the relevant patient’s file via direct transfer through an authorised computer and uploaded into the patient record, or else deleted (for instance if not clinically relevant, or stored and saved by another healthcare provider). No clinical images are uploaded to any overseas cloud-based photograph storage service.
Data Quality and Security
We will take reasonable steps to ensure that your personal information is accurate, complete, up to date and relevant. For this purpose our staff may ask you or your authorised representative to confirm that the details we hold about you are correct when we communicate with you or them. We request that you or your authorised representative let us know if any of the information we hold about you is incorrect or out of date.
Personal information that we hold is protected by:
- securing our premises;
- placing passwords and varying access levels on databases to limit access and protect electronic information from unauthorised interference, access, modification and disclosure; and
- securely destroying any paper documents received after scanning into our database.
Corrections
If you believe that the information we have about you is not accurate, complete or up to date, we ask that you contact us in writing (see details below).
Access
You or your authorised representative are entitled to request access to your medical records. We request that you put your request in writing and we will respond to it within a reasonable time.
There may be a fee for the administrative costs of retrieving and providing you with copies of your medical records.
We may deny access to your medical records in certain circumstances permitted by law, for example, if disclosure may cause a serious threat to your health or safety. We will always tell you why access is denied and the options you have to respond to our decision.
Complaints
If you have a complaint about the privacy of your personal information (including complaints about our use of the My Health Record system), we request that you contact us in writing. Upon receipt of a complaint we will consider the details and attempt to resolve it in accordance with our complaints handling procedures.
If you are dissatisfied with our handling of a complaint or the outcome you may make an application to the Australian Information Commissioner or the Privacy Commissioner in your State or Territory.
Overseas Transfer of Data
We will not transfer your personal information to an overseas recipient unless we have your consent or we are required to do so by law.
Contact
Please direct any queries, complaints or requests for access to medical records to:
The Practice Manager
St. Andrews Health
St Andrews VIC